Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - DR M

Pages: 1 ... 109 110 [111] 112 113
1651
I think that autorun was enable before... Now it is disable because of the MCShield tool or the update? And something else: Disable autorun prevents a bad file from the stick run in the computer. Does this also prevent a bad file in the computer run in the stick?

SOS!

My computer problems became a serial...

Today, when I turn it on, a message ''Operating system not found'' appeared... I immediately turn it off, and then on again, and no message appeared...

Corrine, I don't know what to do... I need my computer these days, but I cannot work on it if I know there is a problem... I am in a panic...

1652
See if this helps ...

http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/

Thanks, but it does not help, because is the same thing I have already done. Under Administrative Templates I only have Windows Components and nothing else.

Meanwhile, I installed the update Corrine suggested and I made a restart. Now? What happens next?

1653
According to the article the following path should lead to the disable autoran action:

Run, gpedit.msc, computer configuration, administrative templates, system, turn off autorun.

In my computer, after administrative tools there is no system option.

Anyway, I have download the update you told me and I will be back again.

1654
Just to ensure that autorun/autoplay is disabled on your computer, you may not have installed I suggest you check for either Update 953252 or Update 967715, described at How to disable the Autorun functionality in Windows.  If not installed, download and install the update from  here:  Download Details - Microsoft Download Center - Update for Windows XP (KB967715)

Thank You, for the Greek Microsoft's link!  :smiley:

I try to see if the autorun is disabled, but after administrator tamplates I cannot see the word system. So, I cannot go forward...

1655
I suspect it has to do with the change for autostart.  However, have you scanned the memory stick with Panda Global yet, as I suggested earlier?

Yes, I scanned my stick and it was clean. The stick I insert today was not mine (I had to transfer a folder to that) and MCShield found something and deleted it.

1656
Thank You All, about Your replies.

Another question about my infected computer, that now seems to be clean:

Today I insert a memory stick, and MCShield found something and cleaned it. Almost at the same time, a pop up appeared:

System Settings Change

Windows has finished installing new devices. The software that supports your device requires that you restart your computer, You must restart your computer before the new settings will take effect.

YES  NO

WHY? HAS TO DO WITH THE VIRUSES?

1657
Thanks for the info! I am getting wiser!  :hallo:

The total physical memory of my ex infected computer is 15 MB, available memory is 9 and and system cache memory is 4. Is it physical? 9+4<15...

1658
To the antivirus programs I used, add also BIT DEFENDER RESQUE DISK... It found out that the computer was clean!!!!! And it had a ROOTKIT!!!!

1659
Ok, I just made a scan with Panda, and the stick is clean.

Another question:  Why before, when my computer was infected, all the antivirus and antispyware programs showed that it was cleaned? (PANDA, KASPERSKY VIRUS REMOVAL, MBAM, SUPER ANTISPYWARE)

This means that we are so exposed to that malware? And what if all these antivirus programs show that a pc is clean, but actually is not? If I could have access to the internet, I wouldn't understand that I was infected! What are the symptoms of an infected computer? And why ESSET found the threats? Should we all buy ESSET and forget all the others?


(About the other computer: I will try to convice its owner to make a format... I hope she will not kill me... )

1660
Thank you, Corrine. I understand. So, when I insert the stick in the usb port, automatically the auto run serviced had been disabled by the tool. I just wondered if I can rely on it, because of the few seconds of the scan procedure. But it seems that the time does not matter.

I appreciate the fact that you tell me you are not 100% guarantee that both, pc and memory stick, are clean now. Although, I will trust you. Thus, if you tell me that I should better format the computer, I will do so.

Something to say about the other topic: Yes, the computer is not mine. It belongs to a friend, and I don't know the way she finds the software she needs. Although, I was the last person working on it, and it is almost obvious that the infection was my fault... You see, I tried to download the same thing I run in my computer... So I am responsible for the whole mess, I am very sorry about this, and I don't know what to do and what to say to her... You have right about cracks, torrents and stolen software. I didn't thought that this action is so severe and dangerous till now. I have taken my lesson with the hard way... Thank you about your honestly, advice and interest...

1661
The tool would have disabled autorun.  Thus, should there be any infected files on memory stick, they will not be able to run automatically.  You can certainly remove any files no longer needed or format the stick.  However, occasionally, formatting a memory stick will render it unreadable.

I didn't understand how these answer to my questions above... I am really sorry! (You must be patient with me... ) :winchesty73:

1662
Analysis and Malware Removal / Re: INFECTED PC NO2
« on: October 24, 2011, 05:36:57 PM »
Hi, DR M.

I will take a closer look at your logs later as I will be going out for a while.  In the meantime, please uninstall Java 2 Runtime Environment, SE v1.4.2_01.  If you need Java on this computer like the other, download and install Java SE Runtime Environment 6u27.   

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Also, what antivirus software/firewall were you using on this machine?




This pc, unfortunately is not mine, so I cannot work on it now. Tomorrow morning I will uninstall java. The pc has no antivirus. Only Super antispyware, which cannot run, because of the viruses, I guess...

1663
Thank you, once more.

I install the tool for cleaning my memory stick. I put it in and the scan started automatically. It is clean!  :dance:

I was surprised because the scan took only a few seconds. I can rely on it, right?

1664
Analysis and Malware Removal / Re: INFECTED PC NO2
« on: October 24, 2011, 07:59:12 AM »
I have made a combofix scan. The first time, it asked me about recovery console and I installed it. It then made a restart, but combofix did not started and no log was pop up. So I run combofix again, and after the restart the following log pop up:

COMBOFIX LOG REPORT:

ComboFix 11-10-21.05 - Administrator 10/24/2011   8:09.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1253.30.1033.18.1527.1135 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Local Settings\Application Data\b706ff6c
c:\documents and settings\Administrator\Local Settings\Application Data\b706ff6c\@
c:\documents and settings\Administrator\Local Settings\Application Data\b706ff6c\U\80000000.@
c:\documents and settings\Administrator\Local Settings\Application Data\b706ff6c\U\800000cb.@
c:\documents and settings\Administrator\Local Settings\Application Data\b706ff6c\X
c:\documents and settings\Administrator\Local Settings\Application Data\promo.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Setup.exe
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\windows\
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\
c:\windows\system32\drivers\fad.sys
c:\windows\tsoc.log
.
Infected copy of c:\windows\system32\drivers\usbport.sys was found and disinfected
Restored copy from - The cat found it :)
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_b706ff6c
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-24 to 2011-10-24  )))))))))))))))))))))))))))))))
.
.
2011-10-19 07:29 . 2011-10-19 07:29   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Babylon
2011-10-19 07:29 . 2011-10-19 07:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Babylon
2011-10-19 07:29 . 2011-10-19 07:29   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Babylon
2011-10-12 07:25 . 2011-10-21 08:12   8192   ----a-w-   c:\windows\system32\srvany.exe
2011-10-12 07:25 . 2011-10-21 07:44   155648   ----a-w-   c:\windows\KMService.exe
2011-10-12 07:19 . 2011-10-12 07:19   --------   d-----w-   c:\program files\Microsoft Synchronization Services
2011-10-12 07:19 . 2011-10-12 07:19   --------   d-----w-   c:\program files\Microsoft.NET
2011-10-12 07:19 . 2011-10-12 07:19   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2011-10-11 10:27 . 2011-10-11 10:27   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
2011-10-10 10:16 . 2011-10-10 10:16   --------   d-----w-   c:\windows\system32\LogFiles
2011-10-07 06:14 . 2011-10-07 06:14   --------   d-----w-   C:\45715f4ec0da17e208362f20e593
2011-10-05 09:24 . 2011-10-05 09:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft_Research
2011-10-05 09:24 . 2011-10-05 09:24   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Plogue
2011-10-05 09:24 . 2011-10-05 09:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Songsmith
2011-10-05 09:19 . 2011-10-05 09:22   --------   d-----w-   c:\program files\Songsmith
2011-10-05 09:08 . 2011-10-07 06:14   --------   d-----w-   c:\windows\system32\XPSViewer
2011-10-05 09:07 . 2011-10-05 09:07   --------   d-----w-   c:\program files\Reference Assemblies
2011-10-05 09:07 . 2008-07-06 12:06   89088   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-05 09:07 . 2006-06-29 10:07   14048   ------w-   c:\windows\system32\spmsg2.dll
2011-10-04 09:31 . 2011-10-04 09:31   --------   d-----w-   c:\program files\uTorrent
2011-10-04 09:31 . 2011-10-05 08:58   --------   d-----w-   c:\documents and settings\Administrator\Application Data\uTorrent
2011-10-04 09:31 . 2011-10-04 09:31   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\uTorrent
2011-09-30 07:41 . 2011-09-30 07:41   --------   d-----w-   c:\program files\Κρεμάλα
2011-09-30 07:41 . 2011-09-30 07:41   --------   d-----w-   c:\windows\Κρεμάλα
2011-09-29 10:26 . 2011-09-30 10:27   --------   d-----w-   c:\program files\Hewlett-Packard
2011-09-29 10:25 . 2006-04-25 03:07   69120   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\hpzpp43e.DLL
2011-09-29 10:25 . 2006-05-31 10:03   323584   ----a-r-   c:\windows\system32\hpbicoin.dll
2011-09-29 10:25 . 2011-09-29 10:25   --------   dc----w-   c:\windows\system32\DRVSTORE
2011-09-28 07:46 . 2011-09-28 07:46   --------   d-----w-   c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2011-09-26 10:13 . 2011-09-26 10:14   --------   d-----w-   c:\program files\Common Files\Adobe
2011-09-26 10:13 . 2011-09-26 10:15   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-09-26 09:26 . 2011-09-26 09:26   --------   d-----w-   c:\program files\Intelore
2011-09-26 08:41 . 2011-09-26 08:41   220160   ------w-   c:\windows\system32\dllcache\oleacc.dll
2011-09-26 08:41 . 2011-09-26 08:41   20480   ------w-   c:\windows\system32\dllcache\oleaccrc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 08:41 . 2008-07-29 16:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41 . 2001-08-18 05:36   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 08:41 . 2001-08-18 05:35   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-16 09:48 . 2011-05-26 08:51   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2002-08-29 10:40   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2002-08-29 09:14   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2002-08-29 10:41   667136   ----a-w-   c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2001-08-18 05:35   61952   ----a-w-   c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2011-01-21 06:10   81920   ------w-   c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2011-01-21 06:10   369664   ------w-   c:\windows\system32\html.iec
2011-08-17 13:49 . 2002-08-29 09:01   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-08-12 10:51 . 2011-01-21 06:05   26488   ----a-w-   c:\windows\system32\spupdsvc.exe
2011-09-03 06:01 . 2011-09-16 09:40   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 13:54   175912   ----a-w-   c:\program files\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 13:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-20 32873]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 11:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 12:02   15141768   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10w_Plugin.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Complitly\\InstTracker.exe"=
"c:\\Program Files\\Freecorder\\FCVideo.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 7:27 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 12:55 AM 74480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/22/2011 12:35 PM 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10/12/2011 10:25 AM 8192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/22/2011 12:35 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc790c11e5e7f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 09:35]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 09:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\966rmx99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 08:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
- - - - - - - > 'explorer.exe'(3000)
c:\documents and settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-24  08:21:02 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-24 05:21
.
Pre-Run: 22,636,158,976 bytes free
Post-Run: 22,728,814,592 bytes free
.
- - End Of File - - 75A26516E01A25DD13899536F467D6CA


And then an ESSET online scan:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=47965acecdd8514aa4219bfa3070086d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 07:03:01
# local_time=2011-10-24 10:03:01 (+0200, GTB Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 195 195 0 0
# scanned=67769
# found=26
# cleaned=0
# scan_time=3072
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\promo.exe.vir   Win32/TrojanDownloader.Adload.NIU trojan (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\b706ff6c\X.vir   Win32/Sirefef.DD trojan (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\ .vir   a variant of Win32/HackKMS.A application (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP73\A0025735.exe   a variant of Win32/HackKMS.A application (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP73\A0026570.exe   a variant of Win32/HackKMS.A application (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP79\A0027088.exe   Win32/TrojanDownloader.Adload.NIW trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP79\A0027097.exe   a variant of Win32/HackKMS.A application (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP79\A0029104.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP79\A0029105.ini   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0030147.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0030148.ini   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0031167.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0031168.ini   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0031188.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0031189.ini   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0032206.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0032207.ini   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0032234.exe   a variant of Win32/Injector.BBZ trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0032239.exe   a variant of Win32/Injector.BBZ trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0032244.exe   a variant of Win32/Injector.BBZ trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0032245.exe   a variant of Win32/Injector.BBZ trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0033234.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP80\A0033235.ini   a variant of Win32/Sirefef.CH trojan (unable to clean)   00000000000000000000000000000000   I
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP81\A0034340.exe   Win32/TrojanDownloader.Adload.NIU trojan (unable to clean)   00000000000000000000000000000000   I
C:\WINDOWS\system32\drivers\netbt.sys   a variant of Win32/Rootkit.Kryptik.EL trojan (unable to clean)   00000000000000000000000000000000   I


I AM WAITING FOR YOUR REPLY!

1665
Analysis and Malware Removal / INFECTED PC NO2
« on: October 24, 2011, 07:53:30 AM »
Good morning, to All of You!

I think that similar viruses with those in my computer mentioned in my other topic, also got inside another computer I used.

HERE ARE THE LOG REPORTS:

A. SECURITY CHECK:

 Results of screen317's Security Check version 0.99.24 
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 SUPERAntiSpyware Professional   
 Java 2 Runtime Environment, SE v1.4.2_01
  Adobe Flash Player (   10.3.183.7) Flash Player Out of Date! 
 Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

``````````End of Log````````````


B. DDS 1

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.5512
Run by Administrator at 7:50:35 on 2011-10-24
Microsoft Windows XP Professional  5.1.2600.3.1253.30.1033.18.1527.1248 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\1828652727:1224278163.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
uSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
uWinlogon: Shell=c:\documents and settings\administrator\local settings\application data\b706ff6c\X
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\documents and settings\administrator\application data\complitly\Complitly.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_01\bin\jusched.exe
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.254
TCP: Interfaces\{F9E43B5C-D8CC-4758-AB5D-574AAC721C8C} : DhcpNameServer = 192.168.10.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\966rmx99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 74480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-22 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-10-12 8192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-22 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
.
=============== Created Last 30 ================
.
2011-10-19 07:29:53   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Babylon
2011-10-19 07:29:52   --------   d-----w-   c:\documents and settings\all users\application data\Babylon
2011-10-19 07:29:52   --------   d-----w-   c:\documents and settings\administrator\application data\Babylon
2011-10-19 07:28:10   --------   d-sh--w-   c:\documents and settings\administrator\local settings\application data\b706ff6c
2011-10-13 09:54:44   2167024   ----a-w-   c:\documents and settings\administrator\local settings\application data\setup.exe
2011-10-13 09:54:21   459088   ----a-w-   c:\documents and settings\administrator\local settings\application data\promo.exe
2011-10-12 07:25:09   8192   ----a-w-   c:\windows\system32\srvany.exe
2011-10-12 07:25:09   155648   ----a-w-   c:\windows\KMService.exe
2011-10-12 07:19:28   --------   d-----w-   c:\program files\Microsoft Synchronization Services
2011-10-12 07:19:08   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2011-10-11 10:27:43   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
2011-10-10 10:16:33   --------   d-----w-   c:\windows\system32\LogFiles
2011-10-07 06:14:05   --------   d-----w-   C:\45715f4ec0da17e208362f20e593
2011-10-05 09:24:16   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Microsoft_Research
2011-10-05 09:24:09   --------   d-----w-   c:\documents and settings\administrator\application data\Plogue
2011-10-05 09:24:00   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Songsmith
2011-10-05 09:19:17   --------   d-----w-   c:\program files\Songsmith
2011-10-05 09:08:30   --------   d-----w-   c:\windows\system32\XPSViewer
2011-10-05 09:07:47   89088   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-05 09:07:29   14048   ------w-   c:\windows\system32\spmsg2.dll
2011-10-04 09:31:41   --------   d-----w-   c:\program files\uTorrent
2011-10-04 09:31:11   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\uTorrent
2011-10-04 09:31:11   --------   d-----w-   c:\documents and settings\administrator\application data\uTorrent
2011-10-03 09:37:35   --------   d-----w-   c:\documents and settings\administrator\application data\PriceGong
2011-09-30 07:41:21   --------   d-----w-   c:\windows\Κρεμάλα
2011-09-30 07:41:21   --------   d-----w-   c:\program files\Κρεμάλα
2011-09-29 10:25:37   69120   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\hpzpp43e.DLL
2011-09-29 10:25:36   323584   ----a-r-   c:\windows\system32\hpbicoin.dll
2011-09-26 10:13:15   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Adobe
2011-09-26 09:26:37   --------   d-----w-   c:\program files\Intelore
2011-09-26 08:41:20   220160   ------w-   c:\windows\system32\dllcache\oleacc.dll
2011-09-26 08:41:14   20480   ------w-   c:\windows\system32\dllcache\oleaccrc.dll
.
==================== Find3M  ====================
.
2011-09-26 08:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 08:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-16 09:48:37   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-09-05 13:56:22   667136   ----a-w-   c:\windows\system32\wininet.dll
2011-09-05 13:56:22   61952   ----a-w-   c:\windows\system32\tdc.ocx
2011-09-05 13:56:21   81920   ------w-   c:\windows\system32\ieencode.dll
2011-09-05 12:35:09   369664   ------w-   c:\windows\system32\html.iec
2011-08-17 13:49:54   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-08-12 10:51:26   26488   ----a-w-   c:\windows\system32\spupdsvc.exe
.
============= FINISH:  7:51:17.81 ===============


C. DDS 2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2010 1:27:25 PM
System Uptime: 10/24/2011 7:43:21 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 085Ch
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 22.712 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 9/16/2011 9:24:24 AM - System Checkpoint
RP46: 9/19/2011 9:52:20 AM - Software Distribution Service 3.0
RP47: 9/20/2011 11:04:43 AM - System Checkpoint
RP48: 9/21/2011 8:04:16 AM - Software Distribution Service 3.0
RP49: 9/22/2011 12:10:34 PM - System Checkpoint
RP50: 9/26/2011 8:07:20 AM - System Checkpoint
RP51: 9/26/2011 1:13:48 PM - Installed Adobe Reader 9.4.0.
RP52: 9/28/2011 11:01:28 AM - System Checkpoint
RP53: 9/29/2011 11:54:44 AM - System Checkpoint
RP54: 9/29/2011 1:25:12 PM - Installed HP Standard Port Monitor
RP55: 9/29/2011 1:29:55 PM - Installed HP Standard Port Monitor
RP56: 9/29/2011 1:31:46 PM - Installed HP Standard Port Monitor
RP57: 9/30/2011 1:07:12 PM - Installed HP Standard Port Monitor
RP58: 9/30/2011 1:26:22 PM - Installed HP Standard Port Monitor
RP59: 9/30/2011 1:27:18 PM - Installed User Guide
RP60: 9/30/2011 1:27:25 PM - Installed Install Notes
RP61: 10/3/2011 9:51:19 AM - System Checkpoint
RP62: 10/4/2011 11:21:44 AM - System Checkpoint
RP63: 10/5/2011 12:07:29 PM - Installed %1 %2.
RP64: 10/5/2011 12:07:35 PM - Printer Driver Microsoft XPS Document Writer Installed
RP65: 10/5/2011 12:19:15 PM - Installed Songsmith
RP66: 10/7/2011 9:10:30 AM - Software Distribution Service 3.0
RP67: 10/10/2011 7:52:16 AM - Printer Driver Microsoft XPS Document Writer Installed
RP68: 10/10/2011 1:08:13 PM - Software Distribution Service 3.0
RP69: 10/11/2011 7:55:34 AM - Software Distribution Service 3.0
RP70: 10/11/2011 1:26:12 PM - Installed Microsoft Office Language Pack 2010 - Greek/Ελληνικά
RP71: 10/11/2011 1:32:08 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP72: 10/12/2011 10:14:12 AM - Uninstalled with Total Uninstall "Microsoft .NET Framework 3.0 Service Pack 2"
RP73: 10/12/2011 10:15:17 AM - Installed Microsoft Office Professional Plus 2010
RP74: 10/12/2011 10:40:30 AM - Uninstalled with Total Uninstall "Babylon toolbar on IE"
RP75: 10/12/2011 10:42:02 AM - Uninstalled with Total Uninstall "EasyDownloads - fastest downloads in two clicks!"
RP76: 10/13/2011 7:51:05 AM - Software Distribution Service 3.0
RP77: 10/13/2011 12:57:47 PM - Installed Windows XP KB942288-v3.
RP78: 10/13/2011 1:03:02 PM - Uninstalled with Total Uninstall "DownVision"
RP79: 10/19/2011 10:33:55 AM - Uninstalled with Total Uninstall "EasyDownloads - fastest downloads in two clicks!"
RP80: 10/20/2011 11:22:38 AM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
Κρεμάλα
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Audacity 1.2.6
Broadcom Management Programs
Click to Call with Skype
Complitly
Conduit Engine
Finale 2009
Finale 2011
Freecorder 5
Freecorder Toolbar
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
HP Color LaserJet CP4005
HP LaserJet Fonts
Install Notes
Intel(R) Extreme Graphics Driver
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.2_01
Kidspiration 3 IE
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Greek) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Greek) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Greek) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Greek) 2010
Microsoft Office Language Pack 2010 - Greek/Ελληνικά
Microsoft Office O MUI (Greek) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Greek) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Greek) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Greek) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Greek) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Greek) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Greek) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Greek) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Greek) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Greek) 2010
Microsoft Office X MUI (Greek) 2010
Microsoft Software Update for Web Folders  (English) 14
Microsoft Software Update for Web Folders  (Greek) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 6.0 Parser (KB925673)
RAR Password Recovery v1.1 RC16 (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 5.3
Software Setup
Songsmith
SoundMAX
SUPERAntiSpyware Professional
Text to Speech XP
Total Uninstall 5.2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
VLC media player 1.1.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/21/2011 1:43:13 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the KMService service to connect.
10/21/2011 1:43:13 PM, error: Service Control Manager [7000]  - The SoundMAX Agent Service service failed to start due to the following error:  Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
10/21/2011 1:43:13 PM, error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
10/21/2011 1:43:13 PM, error: Service Control Manager [7000]  - The KMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/20/2011 8:11:18 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
10/20/2011 8:11:18 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2011 8:11:18 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2011 8:11:18 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2011 8:11:18 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
10/20/2011 8:11:15 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/20/2011 8:11:15 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/20/2011 7:49:56 AM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
10/20/2011 7:49:48 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Altiris Client Service service to connect.
10/20/2011 7:49:48 AM, error: Service Control Manager [7000]  - The Altiris Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/20/2011 7:49:19 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'netbt.sys' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
10/20/2011 11:59:57 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm SASDIFSV SASKUTIL
10/20/2011 11:17:41 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================



Pages: 1 ... 109 110 [111] 112 113