BleepingComputer.com: firewall got error code no ox80070424

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

firewall got error code no ox80070424 cant open firewall at all

#1 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 10 January 2012 - 06:03 AM

hi guys

i got error code no ox80070424 in firewall

so i cant open it at all. i guess that i infected with some kind of spy or viures... plz need u help

this is the report that i got it from Combofix after run it and finished :

ComboFix 12-01-09.07 - User 10/01/2012 14:09:18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.1974.1103 [GMT 8:00]
Running from: c:\users\User\Documents\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\plugins\npuuseep.dll
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Administrator\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\users\User\AppData\Local\assembly\tmp
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\.#\MBX@26F8@1E91F58.###
c:\users\User\AppData\Roaming\.#\MBX@26F8@1E91F68.###
c:\users\User\AppData\Roaming\.#\MBX@26F8@1E91F78.###
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\searchplugins\SearchquWebSearch.xml
c:\users\User\rundll32.exe
c:\windows\$NtUninstallKB48587$
c:\windows\$NtUninstallKB48587$\572721561
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\struct~.ini
c:\windows\system32\1.txt
c:\windows\system32\gtapi_signed.dll
c:\windows\system32\nsis_loader.dll
c:\windows\XSxS
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 06:21 . 2012-01-10 06:21 77824 ----a-w- c:\windows\Keygen.exe
2012-01-10 06:20 . 2012-01-10 06:22 -------- d-----w- c:\users\User\AppData\Local\temp
2012-01-10 06:20 . 2012-01-10 06:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-10 06:20 . 2012-01-10 06:20 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-01-10 06:20 . 2012-01-10 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 06:20 . 2012-01-10 06:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-10 06:07 . 2012-01-10 06:21 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\offreg.dll
2012-01-10 05:37 . 2011-12-12 10:13 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\users\User\AppData\Roaming\RealNetworks
2012-01-08 23:41 . 2011-11-20 18:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\mpengine.dll
2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\users\User\AppData\Local\DDMSettings
2011-12-28 02:04 . 2011-12-28 02:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-12-28 01:46 . 2011-12-28 02:04 -------- d-----w- c:\program files\DivX
2011-12-28 01:43 . 2011-12-28 02:04 -------- d-----w- c:\programdata\DivX
2011-12-27 00:42 . 2011-11-20 18:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-26 06:32 . 2011-12-26 06:32 472576 ----a-w- c:\windows\AutoKMS.exe
2011-12-26 06:26 . 2011-12-26 06:26 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-26 06:25 . 2011-12-26 06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-26 06:24 . 2011-12-26 06:24 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-26 06:24 . 2011-12-26 06:27 -------- d-----w- c:\windows\SHELLNEW
2011-12-25 15:32 . 2011-12-25 15:46 -------- d-----w- c:\users\User\AppData\Local\Facebook
2011-12-25 00:59 . 2011-12-25 00:59 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF04AD16-196B-41B3-91C4-FEDDBFE2DAEA}\gapaengine.dll
2011-12-25 00:30 . 2011-12-25 00:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-24 23:34 . 2011-12-24 23:34 -------- d-----w- c:\program files\ESET
2011-12-24 10:57 . 2011-12-24 10:57 -------- d-----w- c:\programdata\SUPERSetup
2011-12-24 10:32 . 2011-12-24 10:32 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2011-12-24 10:32 . 2011-12-24 10:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-24 10:32 . 2011-12-24 10:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-23 10:20 . 2011-12-23 10:20 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-23 10:20 . 2011-12-23 10:20 -------- d-----w- c:\program files\Trend Micro
2011-12-19 23:11 . 2011-12-19 23:11 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-19 23:11 . 2011-12-19 23:11 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-19 23:10 . 2011-12-19 23:10 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-19 23:10 . 2011-12-19 23:10 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-18 07:23 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 07:23 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 07:23 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 07:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 07:23 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 07:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 19:22 . 2011-12-17 19:22 -------- d-----w- c:\program files\Babylon
2011-12-15 06:14 . 2011-12-15 06:14 45056 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2011-12-13 15:30 . 2011-12-13 15:30 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2011-12-13 15:25 . 2011-12-13 15:29 -------- d-----w- c:\users\User\AppData\Roaming\iSpring Solutions
2011-12-13 05:56 . 2011-12-13 05:56 -------- d-----w- c:\program files\Opera
2011-12-12 10:25 . 2011-12-25 02:26 -------- d-----w- c:\programdata\AVAST Software
2011-12-12 10:25 . 2011-12-12 10:25 -------- d-----w- c:\program files\AVAST Software
2011-12-12 08:15 . 2011-12-13 05:57 -------- d-sh--w- c:\users\User\AppData\Local\38787a4c
2011-12-12 07:02 . 2011-12-18 13:56 -------- d-----w- c:\users\User\AppData\Roaming\iMapBuilder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 06:21 . 2011-11-01 14:01 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-12-19 23:10 . 2011-12-05 23:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-19 23:10 . 2011-12-05 23:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-17 01:13 . 2011-05-18 03:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 17:09 . 2011-11-25 17:17 89888 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-11-20 15:01 . 2011-11-20 14:59 28569 ----a-w- c:\programdata\1321795367.6060.bin
2011-11-20 15:01 . 2011-11-20 13:22 8623 ----a-w- c:\programdata\1321795367.5620.bin
2011-11-20 14:59 . 2011-11-20 13:22 291111 ----a-w- c:\programdata\1321795367.5420.bin
2011-11-20 14:59 . 2011-11-20 13:22 48826 ----a-w- c:\programdata\1321795367.5580.bin
2011-11-20 14:59 . 2011-11-20 13:24 35633 ----a-w- c:\programdata\1321795367.1252.bin
2011-11-20 14:00 . 2011-11-20 13:23 5072 ----a-w- c:\programdata\1321795367.5824.bin
2011-11-20 13:59 . 2011-11-20 13:26 1670 ----a-w- c:\programdata\1321795367.5584.bin
2011-11-20 13:26 . 2011-11-20 13:23 1698 ----a-w- c:\programdata\1321795367.2420.bin
2011-11-20 13:24 . 2011-11-20 13:24 4467 ----a-w- c:\programdata\1321795367.1272.bin
2011-11-20 13:23 . 2011-11-20 13:23 9323 ----a-w- c:\programdata\1321795367.5688.bin
2011-10-27 00:06 . 2011-10-27 00:10 8192 ----a-w- c:\windows\system32\srvany.exe
2011-11-21 04:04 . 2011-03-23 09:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-06-15 5730304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-19 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-6 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-25 11:51 136176 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-10-16 19:51 2363392 ------w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2010-09-21 08:34 5360232 ------w- c:\program files\Realtek\Audio\HDA\RtkNGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtkOSD]
2009-10-13 18:33 907264 ------w- c:\program files\Realtek\Audio\OSD\RtVOsd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-19 20:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-26 09:41 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 14:31 1721640 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 19:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun
"00saskda"="c:\program files\PC Security Tweaker\newlock.exe" saskda
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 MpKsl042a0d73;MpKsl042a0d73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E61F5EBC-635A-496F-AF75-2FE0714ED85C}\MpKsl042a0d73.sys [x]
R1 MpKsl0ea1a573;MpKsl0ea1a573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25D4536E-C1D1-4014-9ED5-B5F48BA11323}\MpKsl0ea1a573.sys [x]
R1 MpKsl1a70529e;MpKsl1a70529e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B83B4FEB-4EDC-495E-9B2B-B8C3DB85053D}\MpKsl1a70529e.sys [x]
R1 MpKsl345ff89d;MpKsl345ff89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl345ff89d.sys [x]
R1 MpKsl43899752;MpKsl43899752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl43899752.sys [x]
R1 MpKsl4a8ec23b;MpKsl4a8ec23b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl4a8ec23b.sys [x]
R1 MpKsl5970a414;MpKsl5970a414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D5B6B6A-B584-465E-ACCA-2A5A9BBE258E}\MpKsl5970a414.sys [x]
R1 MpKsl607de73f;MpKsl607de73f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAA1983-1D00-4577-A711-8ECF1E8F155E}\MpKsl607de73f.sys [x]
R1 MpKsl60ddeaec;MpKsl60ddeaec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsl60ddeaec.sys [x]
R1 MpKsl6661e9cd;MpKsl6661e9cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B140094-AE8C-44F4-8451-1AA23B17F346}\MpKsl6661e9cd.sys [x]
R1 MpKsl687ac184;MpKsl687ac184;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{238E4DFF-4C04-48BE-B47A-A2AB1F8625C6}\MpKsl687ac184.sys [x]
R1 MpKsl6e866b1a;MpKsl6e866b1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsl6e866b1a.sys [x]
R1 MpKsl88df4caa;MpKsl88df4caa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{251BC24C-E587-4269-8073-B7DD52FFACB7}\MpKsl88df4caa.sys [x]
R1 MpKsl8d9c778a;MpKsl8d9c778a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{286E863C-B7A1-43ED-BCB8-4DE91091D946}\MpKsl8d9c778a.sys [x]
R1 MpKsl9567116f;MpKsl9567116f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31FB6887-778C-4ED9-8497-77576E75C104}\MpKsl9567116f.sys [x]
R1 MpKsl9b901d22;MpKsl9b901d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B44C605-59D2-41DF-A7DC-F6FA70FADE00}\MpKsl9b901d22.sys [x]
R1 MpKsla7b51090;MpKsla7b51090;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsla7b51090.sys [x]
R1 MpKslabab3215;MpKslabab3215;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1AE5E6F-18E4-409B-8F90-CB7BF9A60305}\MpKslabab3215.sys [x]
R1 MpKslb582f02f;MpKslb582f02f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFBBA462-5903-496D-BE39-DFB231A3590B}\MpKslb582f02f.sys [x]
R1 MpKslb7cfdd55;MpKslb7cfdd55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{295D1F51-B3A9-42BA-BF48-FAD6131F73D7}\MpKslb7cfdd55.sys [x]
R1 MpKslbcdc4c83;MpKslbcdc4c83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B83B4FEB-4EDC-495E-9B2B-B8C3DB85053D}\MpKslbcdc4c83.sys [x]
R1 MpKslbefbf21f;MpKslbefbf21f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKslbefbf21f.sys [x]
R1 MpKsld2abd823;MpKsld2abd823;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FD448F7-BA44-4924-A22E-021C51895DB7}\MpKsld2abd823.sys [x]
R1 MpKsld62d777d;MpKsld62d777d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{295D1F51-B3A9-42BA-BF48-FAD6131F73D7}\MpKsld62d777d.sys [x]
R1 MpKsld64e2ccc;MpKsld64e2ccc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFBBA462-5903-496D-BE39-DFB231A3590B}\MpKsld64e2ccc.sys [x]
R1 MpKsle1d1e714;MpKsle1d1e714;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\MpKsle1d1e714.sys [x]
R1 MpKslf1182d05;MpKslf1182d05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\MpKslf1182d05.sys [x]
R1 MpKslff73897f;MpKslff73897f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B44C605-59D2-41DF-A7DC-F6FA70FADE00}\MpKslff73897f.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-10-27 8192]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-22 29472]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\g10\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 OracleServiceXE;OracleServiceXE;c:\g10\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R4 OracleXETNSListener;OracleXETNSListener;c:\g10\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2010-12-03 1459424]
S2 Firefox Service;Firefox Service;c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-11-25 89888]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IDMWFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 08:43]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 08:43]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631552745-2103473267-2274662419-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631552745-2103473267-2274662419-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2011-12-19 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-01-05 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-04-21 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
mStart Page = hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.172 10.1.2.196
TCP: Interfaces\{95AACCE9-77AF-4500-A91F-340E59B42365}: NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/webhp?ie=UTF-8&oe=UTF-8
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-BatteryCare - c:\program files\BatteryCare\BatteryCare.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
AddRemove-المكتبة الشاملة - c:\windows\iun6002.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,83,90,
1c,e1,9e,33,02,a3,72,3f,0b,7f,29,a5,ac
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a4,27,33,
43,e5,b1,93,0f,ba,a7,28,e9,ce,e3,c3,33
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,91,
68,f3,66,48,02,ac,f6,4c,fc,1f,7a,e6,61
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c1,73,f2,31,0c,a7,7b,db,65,c3,87,cd,b6
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"=hex:51,66,7a,6c,4c,1d,3b,1b,fb,b9,16,
c7,cb,1c,0a,02,82,d7,a1,3f,94,0e,ed,0c
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,90,4e,
fb,20,d3,cb,0d,9a,e5,9b,d4,ee,58,8a,0f
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,eb,28,
f9,73,8f,70,09,98,ff,c6,df,74,e3,dc,e7
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,3b,1b,ff,59,ee,
3b,5b,61,39,02,80,00,cd,c9,d1,60,d5,77
"{EE9A4208-64EC-11DE-8440-204256D89593}"=hex:51,66,7a,6c,4c,1d,3b,1b,18,5f,8e,
f4,da,32,b4,5e,9f,4f,67,02,54,9a,d0,8c
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
a7,53,94,ba,5e,a7,e2,47,e0,cb,48,f0,10
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,40,
30,c0,0d,0f,09,b3,ac,88,e9,65,6c,07,8e
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
e5,6c,9a,44,01,a4,34,d1,a9,2b,94,10,1c
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a9,5d,2f,b1,a7,a7,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,a8,03,3b,99,3e,e8,44,a9,4d,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,a8,03,3b,99,3e,e8,44,a9,4d,68,\
.
[HKEY_USERS\S-1-5-21-3631552745-2103473267-2274662419-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):31,ad,75,ac,99,82,c5,cf,7c,36,88,06,a5,4c,30,bf,23,b7,b3,4f,ec,
56,37,01,59,ee,bd,c3,f5,fa,cc,33,5e,3e,23,3f,71,33,f2,36,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2624)
c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-10 14:26:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 06:26
.
Pre-Run: 26,976,198,656 bytes free
Post-Run: 26,771,030,016 bytes free
.
- - End Of File - - 3965680A085C06B8106C2EFEA5068CE0

This post has been edited by hamluis: 10 January 2012 - 02:15 PM
Reason for edit: Moved from Am I Infected to Malware Removal Logs.

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 11 January 2012 - 12:00 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


information and logs:

    In your next post I need the following

    • .logs from DDS
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 11 January 2012 - 08:34 AM

thanks Gringo for your helping me & others

this is attach.txt output :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/5/2010 1:38:30 PM
System Uptime: 11/1/2012 5:47:13 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 1426
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 156 GiB total, 23.681 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.887 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 130 GiB total, 3.39 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbefbf21f
Device ID: ROOT\LEGACY_MPKSLBEFBF21F\0000
Manufacturer:
Name: MpKslbefbf21f
PNP Device ID: ROOT\LEGACY_MPKSLBEFBF21F\0000
Service: MpKslbefbf21f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl60ddeaec
Device ID: ROOT\LEGACY_MPKSL60DDEAEC\0000
Manufacturer:
Name: MpKsl60ddeaec
PNP Device ID: ROOT\LEGACY_MPKSL60DDEAEC\0000
Service: MpKsl60ddeaec
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld2abd823
Device ID: ROOT\LEGACY_MPKSLD2ABD823\0000
Manufacturer:
Name: MpKsld2abd823
PNP Device ID: ROOT\LEGACY_MPKSLD2ABD823\0000
Service: MpKsld2abd823
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6661e9cd
Device ID: ROOT\LEGACY_MPKSL6661E9CD\0000
Manufacturer:
Name: MpKsl6661e9cd
PNP Device ID: ROOT\LEGACY_MPKSL6661E9CD\0000
Service: MpKsl6661e9cd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl042a0d73
Device ID: ROOT\LEGACY_MPKSL042A0D73\0000
Manufacturer:
Name: MpKsl042a0d73
PNP Device ID: ROOT\LEGACY_MPKSL042A0D73\0000
Service: MpKsl042a0d73
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld62d777d
Device ID: ROOT\LEGACY_MPKSLD62D777D\0000
Manufacturer:
Name: MpKsld62d777d
PNP Device ID: ROOT\LEGACY_MPKSLD62D777D\0000
Service: MpKsld62d777d
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl687ac184
Device ID: ROOT\LEGACY_MPKSL687AC184\0000
Manufacturer:
Name: MpKsl687ac184
PNP Device ID: ROOT\LEGACY_MPKSL687AC184\0000
Service: MpKsl687ac184
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld64e2ccc
Device ID: ROOT\LEGACY_MPKSLD64E2CCC\0000
Manufacturer:
Name: MpKsld64e2ccc
PNP Device ID: ROOT\LEGACY_MPKSLD64E2CCC\0000
Service: MpKsld64e2ccc
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6e866b1a
Device ID: ROOT\LEGACY_MPKSL6E866B1A\0000
Manufacturer:
Name: MpKsl6e866b1a
PNP Device ID: ROOT\LEGACY_MPKSL6E866B1A\0000
Service: MpKsl6e866b1a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0ea1a573
Device ID: ROOT\LEGACY_MPKSL0EA1A573\0000
Manufacturer:
Name: MpKsl0ea1a573
PNP Device ID: ROOT\LEGACY_MPKSL0EA1A573\0000
Service: MpKsl0ea1a573
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle1d1e714
Device ID: ROOT\LEGACY_MPKSLE1D1E714\0000
Manufacturer:
Name: MpKsle1d1e714
PNP Device ID: ROOT\LEGACY_MPKSLE1D1E714\0000
Service: MpKsle1d1e714
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl88df4caa
Device ID: ROOT\LEGACY_MPKSL88DF4CAA\0000
Manufacturer:
Name: MpKsl88df4caa
PNP Device ID: ROOT\LEGACY_MPKSL88DF4CAA\0000
Service: MpKsl88df4caa
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslf1182d05
Device ID: ROOT\LEGACY_MPKSLF1182D05\0000
Manufacturer:
Name: MpKslf1182d05
PNP Device ID: ROOT\LEGACY_MPKSLF1182D05\0000
Service: MpKslf1182d05
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8d9c778a
Device ID: ROOT\LEGACY_MPKSL8D9C778A\0000
Manufacturer:
Name: MpKsl8d9c778a
PNP Device ID: ROOT\LEGACY_MPKSL8D9C778A\0000
Service: MpKsl8d9c778a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1a70529e
Device ID: ROOT\LEGACY_MPKSL1A70529E\0000
Manufacturer:
Name: MpKsl1a70529e
PNP Device ID: ROOT\LEGACY_MPKSL1A70529E\0000
Service: MpKsl1a70529e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslff73897f
Device ID: ROOT\LEGACY_MPKSLFF73897F\0000
Manufacturer:
Name: MpKslff73897f
PNP Device ID: ROOT\LEGACY_MPKSLFF73897F\0000
Service: MpKslff73897f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9567116f
Device ID: ROOT\LEGACY_MPKSL9567116F\0000
Manufacturer:
Name: MpKsl9567116f
PNP Device ID: ROOT\LEGACY_MPKSL9567116F\0000
Service: MpKsl9567116f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9b901d22
Device ID: ROOT\LEGACY_MPKSL9B901D22\0000
Manufacturer:
Name: MpKsl9b901d22
PNP Device ID: ROOT\LEGACY_MPKSL9B901D22\0000
Service: MpKsl9b901d22
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl345ff89d
Device ID: ROOT\LEGACY_MPKSL345FF89D\0000
Manufacturer:
Name: MpKsl345ff89d
PNP Device ID: ROOT\LEGACY_MPKSL345FF89D\0000
Service: MpKsl345ff89d
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslabab3215
Device ID: ROOT\LEGACY_MPKSLABAB3215\0000
Manufacturer:
Name: MpKslabab3215
PNP Device ID: ROOT\LEGACY_MPKSLABAB3215\0000
Service: MpKslabab3215
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl43899752
Device ID: ROOT\LEGACY_MPKSL43899752\0000
Manufacturer:
Name: MpKsl43899752
PNP Device ID: ROOT\LEGACY_MPKSL43899752\0000
Service: MpKsl43899752
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb0002297
Device ID: ROOT\LEGACY_MPKSLB0002297\0000
Manufacturer:
Name: MpKslb0002297
PNP Device ID: ROOT\LEGACY_MPKSLB0002297\0000
Service: MpKslb0002297
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4a8ec23b
Device ID: ROOT\LEGACY_MPKSL4A8EC23B\0000
Manufacturer:
Name: MpKsl4a8ec23b
PNP Device ID: ROOT\LEGACY_MPKSL4A8EC23B\0000
Service: MpKsl4a8ec23b
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb582f02f
Device ID: ROOT\LEGACY_MPKSLB582F02F\0000
Manufacturer:
Name: MpKslb582f02f
PNP Device ID: ROOT\LEGACY_MPKSLB582F02F\0000
Service: MpKslb582f02f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5970a414
Device ID: ROOT\LEGACY_MPKSL5970A414\0000
Manufacturer:
Name: MpKsl5970a414
PNP Device ID: ROOT\LEGACY_MPKSL5970A414\0000
Service: MpKsl5970a414
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb7cfdd55
Device ID: ROOT\LEGACY_MPKSLB7CFDD55\0000
Manufacturer:
Name: MpKslb7cfdd55
PNP Device ID: ROOT\LEGACY_MPKSLB7CFDD55\0000
Service: MpKslb7cfdd55
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbcdc4c83
Device ID: ROOT\LEGACY_MPKSLBCDC4C83\0000
Manufacturer:
Name: MpKslbcdc4c83
PNP Device ID: ROOT\LEGACY_MPKSLBCDC4C83\0000
Service: MpKslbcdc4c83
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl607de73f
Device ID: ROOT\LEGACY_MPKSL607DE73F\0000
Manufacturer:
Name: MpKsl607de73f
PNP Device ID: ROOT\LEGACY_MPKSL607DE73F\0000
Service: MpKsl607de73f
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
المكتبة الشاملة
7-Zip 9.13 beta
Active Desktop Calendar 7.93
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Download Assistant
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Stream SDK v2 Developer
Broadcom 2070 Bluetooth 2.1 + EDR
Cambridge Advanced Learner's Dictionary
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
DivX Setup
Dropbox
EAP-GTC
ESET Online Scanner v3
ESU for Microsoft Windows 7
Fences
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
Foxit Reader 5.1
Game Booster
GOM Player
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hard Disk Low Level Format Tool 2.36 build 1181
HDDlife Pro 3.1
HiJackThis
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Advisor
HP Customer Experience Enhancements
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0179
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel® Management Engine Components
Intel® Turbo Boost Technology Driver
Intel® Matrix Storage Manager
Internet Download Manager
ISO Recorder
Java Auto Updater
Java™ 7 Update
Java™ SE Development Kit 7
Junk Mail filter update
kuler
LabelPrint
LightScribe System Software
Macromedia Extension Manager
Macromedia Flash Player 8
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Move Media Player
Mozilla Firefox 8.0.1 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Notepad++
NSS (remove only)
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PC Connectivity Solution
PC Security Tweaker
PDF Settings CS4
Photoshop Camera Raw
phpDesigner 7 version 7.2.5
Power2Go
PowerDirector
Presentation 3D version 11.04.19
Pro Evolution Soccer 2012
Pure Codec
QLBCASL
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
Revo Uninstaller 1.91
RtVOsd
Samsung SecretZone
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SES Driver
Skype™ 5.5
SoftStylus
Suite Shared Configuration CS4
Sunplus Spca536
SUPERAntiSpyware
Synaptics Pointing Device Driver
The KMPlayer (remove only)
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities Language Pack (en-US)
TypingMaster Pro
Ubuntu
Unlocker 1.9.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
Veetle TV
VLC media player 1.0.5
vShare.tv plugin 1.3
WebEx Support Manager for Internet Explorer
Window Washer
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WMV9/VC-1 Video Playback
WordFlood 1.2 (remove only)
XAMPP 1.7.7
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 7:50:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/1/2012 7:41:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
9/1/2012 5:54:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/1/2012 8:12:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/1/2012 11:53:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/1/2012 11:44:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/1/2012 10:56:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:56:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:13:58 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/1/2012 7:55:58 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/1/2012 7:40:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/1/2012 7:40:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/1/2012 6:58:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/1/2012 6:58:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/1/2012 5:42:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/1/2012 5:33:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/1/2012 5:09:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/1/2012 11:32:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/1/2012 11:32:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/1/2012 10:57:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 9:35:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/1/2012 9:35:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/1/2012 9:08:40 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 7:08:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/1/2012 7:08:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/1/2012 6:33:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 5:57:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 12:41:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/1/2012 12:41:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/1/2012 12:29:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 12:06:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 11:06:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/1/2012 11:05:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/1/2012 11:05:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/1/2012 10:46:56 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/1/2012 9:26:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/1/2012 8:37:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/1/2012 8:23:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/1/2012 11:44:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/1/2012 11:05:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/1/2012 6:55:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
4/1/2012 6:39:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/1/2012 12:24:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/1/2012 1:31:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/1/2012 1:22:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/1/2012 9:59:00 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
11/1/2012 9:16:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
11/1/2012 9:05:56 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/1/2012 9:05:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SZASSIST service.
11/1/2012 7:32:40 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/1/2012 7:32:39 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
11/1/2012 7:32:39 AM, Error: Ntfs [137] - The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
11/1/2012 7:09:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
11/1/2012 5:57:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
11/1/2012 5:47:24 PM, Error: volmgr [46] - Crash dump initialization failed!
11/1/2012 3:57:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
11/1/2012 12:19:40 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
11/1/2012 12:19:39 AM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume9 encountered a non-retryable error and could not start. The data contains the error code.
11/1/2012 1:18:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
10/1/2012 9:55:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/1/2012 9:40:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
10/1/2012 9:40:35 PM, Error: Service Control Manager [7034] - The Firefox Service service terminated unexpectedly. It has done this 1 time(s).
10/1/2012 7:52:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
10/1/2012 7:42:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/1/2012 6:05:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
10/1/2012 5:54:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/1/2012 5:53:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/1/2012 2:31:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust.
10/1/2012 2:21:03 PM, Error: EventLog [6008] - The previous system shutdown at 2:20:28 PM on ‎10/‎1/‎2012 was unexpected.
10/1/2012 2:17:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/1/2012 2:07:50 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 2:07:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
10/1/2012 2:07:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
10/1/2012 2:07:50 PM, Error: Service Control Manager [7001] - The Remote Desktop Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 2:07:50 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
10/1/2012 2:07:48 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 2:07:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: The system cannot find the file specified.
10/1/2012 2:07:48 PM, Error: Service Control Manager [7000] - The Ancillary Function Driver for Winsock service failed to start due to the following error: The system cannot find the file specified.
10/1/2012 2:07:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD
10/1/2012 2:07:43 PM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
10/1/2012 2:07:42 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/1/2012 2:07:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
10/1/2012 2:07:37 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
10/1/2012 2:07:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 2:07:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2012 12:40:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072efd Error description: A connection with the server could not be established
10/1/2012 12:30:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/1/2012 11:57:31 PM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume8 encountered a non-retryable error and could not start. The data contains the error code.
10/1/2012 11:54:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
10/1/2012 11:54:31 PM, Error: Ntfs [137] - The default transaction resource manager on volume \Device\HarddiskVolume7 encountered a non-retryable error and could not start. The data contains the error code.
10/1/2012 11:14:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2482.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

and this for DDS.txt output :


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.7.0
Run by User at 21:23:54 on 2012-01-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.1974.1312 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Prey\platform\windows\cronsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Security Tweaker\newlock.exe
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\User\Documents\Downloads\Programs\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.my/
mStart Page = hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
mURLSearchHooks: H - No File
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: DisallowCpl = 0 (0x0)
uPolicies-explorer: PreventItemCreationInUsersFilesFolder = 0 (0x0)
uPolicies-explorer: NoReadingPane = 0 (0x0)
uPolicies-explorer: NoPreviewPane = 0 (0x0)
uPolicies-explorer: DontSetAutoplayCheckbox = 0 (0x0)
uPolicies-explorer: NoCustomizeWebView = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: DisableThumbnails = 0 (0x0)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
uPolicies-explorer: NoWebView = 0 (0x0)
uPolicies-explorer: DontShowSuperHidden = 0 (0x0)
uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
uPolicies-explorer: NoPublishingWizard = 0 (0x0)
uPolicies-explorer: AlwaysShowClassicMenu = 0 (0x0)
uPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 0 (0x0)
uPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchComputerLinkInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchProgramsInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchInternetInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchFilesInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchCommInStartMenu = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoHelp = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoDisconnect = 0 (0x0)
uPolicies-explorer: NoNtSecurity = 0 (0x0)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoSMBalloonTips = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: TaskbarNoNotification = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 0 (0x0)
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
uPolicies-explorer: TaskbarLockAll = 0 (0x0)
uPolicies-explorer: TaskbarNoResize = 0 (0x0)
uPolicies-explorer: TaskbarNoAddRemoveToolbar = 0 (0x0)
uPolicies-explorer: TaskbarNoDragToolbar = 0 (0x0)
uPolicies-explorer: TaskbarNoRedock = 0 (0x0)
uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
uPolicies-explorer: NoWebServices = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoInplaceSharing = 0 (0x0)
uPolicies-explorer: UseFoldersInStartMenu = 0 (0x0)
uPolicies-explorer: TurnOffSPIAnimations = 0 (0x0)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
uPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
dPolicies-explorer: NoThemesTab = 0 (0x0)
dPolicies-explorer: RestrictCpl = 0 (0x0)
dPolicies-explorer: DisallowCpl = 0 (0x0)
dPolicies-explorer: RestrictRun = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: NoRecycleFiles = 0 (0x0)
dPolicies-explorer: PreventItemCreationInUsersFilesFolder = 0 (0x0)
dPolicies-explorer: NoReadingPane = 0 (0x0)
dPolicies-explorer: NoPreviewPane = 0 (0x0)
dPolicies-explorer: DontSetAutoplayCheckbox = 0 (0x0)
dPolicies-explorer: NoCustomizeWebView = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: DisableThumbnails = 0 (0x0)
dPolicies-explorer: DisableThumbnailsOnNetworkFolders = 0 (0x0)
dPolicies-explorer: NoInstrumentation = 0 (0x0)
dPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
dPolicies-explorer: NoWebView = 0 (0x0)
dPolicies-explorer: DontShowSuperHidden = 0 (0x0)
dPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
dPolicies-explorer: NoPublishingWizard = 0 (0x0)
dPolicies-explorer: AlwaysShowClassicMenu = 0 (0x0)
dPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 0 (0x0)
dPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
dPolicies-explorer: NoSearchComputerLinkInStartMenu = 0 (0x0)
dPolicies-explorer: NoSearchProgramsInStartMenu = 0 (0x0)
dPolicies-explorer: NoSearchInternetInStartMenu = 0 (0x0)
dPolicies-explorer: NoSearchFilesInStartMenu = 0 (0x0)
dPolicies-explorer: NoSearchCommInStartMenu = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 0 (0x0)
dPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
dPolicies-explorer: NoHelp = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
dPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
dPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-explorer: NoDisconnect = 0 (0x0)
dPolicies-explorer: NoNtSecurity = 0 (0x0)
dPolicies-explorer: GreyMSIAds = 0 (0x0)
dPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
dPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
dPolicies-explorer: NoSMBalloonTips = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: HideSCAVolume = 0 (0x0)
dPolicies-explorer: HideSCANetwork = 0 (0x0)
dPolicies-explorer: HideSCAPower = 0 (0x0)
dPolicies-explorer: HideSCABattery = 0 (0x0)
dPolicies-explorer: TaskbarNoNotification = 0 (0x0)
dPolicies-explorer: NoTaskGrouping = 0 (0x0)
dPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
dPolicies-explorer: TaskbarLockAll = 0 (0x0)
dPolicies-explorer: TaskbarNoResize = 0 (0x0)
dPolicies-explorer: TaskbarNoAddRemoveToolbar = 0 (0x0)
dPolicies-explorer: TaskbarNoDragToolbar = 0 (0x0)
dPolicies-explorer: TaskbarNoRedock = 0 (0x0)
dPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
dPolicies-explorer: NoWebServices = 0 (0x0)
dPolicies-explorer: NoFileUrl = 0 (0x0)
dPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
dPolicies-explorer: NoInplaceSharing = 0 (0x0)
dPolicies-explorer: UseFoldersInStartMenu = 0 (0x0)
dPolicies-explorer: TurnOffSPIAnimations = 0 (0x0)
dPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoThumbnailCache = 0 (0x0)
dPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
dPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
dPolicies-system: NoColorChoice = 0 (0x0)
dPolicies-system: HideLogonScripts = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 10.0.0.172 10.1.2.196
TCP: Interfaces\{95AACCE9-77AF-4500-A91F-340E59B42365} : NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7} : DhcpNameServer = 10.0.0.172 10.1.2.196
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7}\3334F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7}\4556374796E676 : DhcpNameServer = 16.110.135.52 16.110.135.51
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7}\57E6966696 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7}\969657D60277966696 : DhcpNameServer = 192.168.130.1 202.188.0.133 202.188.1.5
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7}\969657D6D227567696374727164796F6E6 : DhcpNameServer = 10.0.0.170 10.0.0.172 10.1.2.197
TCP: Interfaces\{DECB147F-73CA-4C37-B992-C342CB8A65B7}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\common files\binarysense\hlAPP.dll
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\wjk8cltn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/webhp?ie=UTF-8&oe=UTF-8
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\roaming\move networks\plugins\npqmp071700000016.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsle4539ac1;MpKsle4539ac1;c:\programdata\microsoft\microsoft antimalware\definition updates\{90b95510-efbe-44a4-a8ad-d05c1463b4b0}\MpKsle4539ac1.sys [2012-1-11 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 CronService;Cron Service for Prey;c:\program files\prey\platform\windows\cronsvc.exe [2011-2-16 19968]
R2 DeskSaverService;DeskSaverService;c:\program files\pc security tweaker\newlock.exe [2011-5-15 1459424]
R2 Firefox Service;Firefox Service;c:\users\user\appdata\roaming\mozilla\firefox\profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe [2011-7-11 83456]
R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-22 39272]
R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-26 89888]
R2 SZASSIST;SecretZone Assist Service;c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [2011-11-20 90112]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-3-30 1523008]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-27 238592]
R3 mdf16;mdf16;c:\program files\clarus\samsung secretzone\mdf16.sys [2011-11-20 18288]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 mvd22;mvd22;c:\program files\clarus\samsung secretzone\mvd22.sys [2011-11-20 70512]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-2-10 10064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-10-27 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-22 29472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 125696]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2011-5-19 32377]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-6-14 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-12-20 11104]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-19 174592]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S4 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2011-2-19 87968]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-27 176128]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-20 228408]
S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2011-2-18 841544]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\g10\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\g10\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
S4 OracleServiceXE;OracleServiceXE;c:\g10\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\g10\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\g10\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S4 RtVOsdService;RtVOsdService Installer;c:\program files\realtek\rtvosd\RtVOsdService.exe [2010-6-24 315392]
S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-5-19 2320920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S4 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2010-9-21 598856]
.
=============== Created Last 30 ================
.
2012-01-11 09:47:31 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b95510-efbe-44a4-a8ad-d05c1463b4b0}\MpKsle4539ac1.sys
2012-01-11 09:47:27 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b95510-efbe-44a4-a8ad-d05c1463b4b0}\offreg.dll
2012-01-11 08:26:05 -------- d-----w- c:\program files\Foxit Software
2012-01-10 15:18:20 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b95510-efbe-44a4-a8ad-d05c1463b4b0}\mpengine.dll
2012-01-10 13:56:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-10 11:51:00 -------- d-----w- c:\users\user\appdata\local\{3F817016-2FBF-410B-8B9C-BDB7BD875C37}
2012-01-10 11:50:45 -------- d-----w- c:\users\user\appdata\local\{C2FDDECE-484C-4BEF-AA64-D0503C9A6EB7}
2012-01-10 06:20:06 -------- d-----w- c:\users\user\appdata\local\temp
2012-01-10 05:37:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-10 05:24:45 98816 ----a-w- c:\windows\sed.exe
2012-01-10 05:24:45 518144 ----a-w- c:\windows\SWREG.exe
2012-01-10 05:24:45 256000 ----a-w- c:\windows\PEV.exe
2012-01-10 05:24:45 208896 ----a-w- c:\windows\MBR.exe
2012-01-10 00:52:53 -------- d-----w- c:\users\user\appdata\roaming\RealNetworks
2011-12-28 02:07:28 -------- d-----w- c:\users\user\appdata\local\DDMSettings
2011-12-28 02:04:07 -------- d-----w- c:\program files\common files\DivX Shared
2011-12-28 01:46:36 -------- d-----w- c:\program files\DivX
2011-12-28 01:43:53 -------- d-----w- c:\programdata\DivX
2011-12-27 00:42:21 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-26 06:32:37 472576 ----a-w- c:\windows\AutoKMS.exe
2011-12-26 06:25:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-26 06:24:33 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-26 06:24:30 -------- d-----w- c:\windows\SHELLNEW
2011-12-25 15:32:33 -------- d-----w- c:\users\user\appdata\local\Facebook
2011-12-25 00:59:12 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af04ad16-196b-41b3-91c4-feddbfe2daea}\gapaengine.dll
2011-12-25 00:30:43 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-24 23:34:38 -------- d-----w- c:\program files\ESET
2011-12-24 10:57:17 -------- d-----w- c:\programdata\SUPERSetup
2011-12-24 10:32:53 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2011-12-24 10:32:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-24 10:32:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-23 10:20:04 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-23 10:20:03 -------- d-----w- c:\program files\Trend Micro
2011-12-19 23:11:18 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-12-19 23:11:06 -------- d-----w- c:\program files\common files\xing shared
2011-12-19 23:10:59 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-12-19 23:10:51 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-12-18 07:23:32 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 07:23:31 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 07:23:30 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 07:23:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 07:23:21 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 07:23:20 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 19:22:32 -------- d-----w- c:\program files\Babylon
2011-12-17 18:13:27 -------- d-----w- c:\users\user\appdata\local\{226CCEA6-317F-4E81-B865-C54DCD4E6B46}
2011-12-17 18:13:16 -------- d-----w- c:\users\user\appdata\local\{4A4708C9-99FC-42D2-925B-4F18670009E4}
2011-12-15 17:38:24 -------- d-----w- c:\users\user\appdata\local\{C6AC3DF8-84BA-4D7C-88EF-EAAC1DD6FF8A}
2011-12-15 17:37:59 -------- d-----w- c:\users\user\appdata\local\{411DD979-5ED5-4585-928A-6334216C8254}
2011-12-15 06:14:59 45056 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{885a63ea-382b-4dd4-a755-14809b8557d6}\ARPPRODUCTICON.exe
2011-12-13 15:30:51 -------- d-----w- c:\users\user\appdata\local\Macromedia
2011-12-13 15:25:30 -------- d-----w- c:\users\user\appdata\roaming\iSpring Solutions
2011-12-13 13:27:11 -------- d-----w- c:\users\user\appdata\local\{502B7422-B409-4DA2-964D-6A975E456E80}
2011-12-13 13:26:57 -------- d-----w- c:\users\user\appdata\local\{8435CA9E-CF92-4EC5-85ED-D3F4B11C3BBE}
2011-12-12 19:07:06 -------- d-----w- c:\users\user\appdata\local\{F83A027E-A54B-4B94-BF06-C3EB697B6670}
2011-12-12 19:06:10 -------- d-----w- c:\users\user\appdata\local\{1177B7C5-55DA-4F54-A6EA-8A8ED28F6D54}
.
==================== Find3M ====================
.
2012-01-11 13:07:36 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-12-19 23:10:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-19 23:10:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-17 01:13:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 17:09:28 89888 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-11-20 15:01:16 28569 ----a-w- c:\programdata\1321795367.6060.bin
2011-11-20 15:01:08 8623 ----a-w- c:\programdata\1321795367.5620.bin
2011-11-20 14:59:36 48826 ----a-w- c:\programdata\1321795367.5580.bin
2011-11-20 14:59:36 291111 ----a-w- c:\programdata\1321795367.5420.bin
2011-11-20 14:59:32 35633 ----a-w- c:\programdata\1321795367.1252.bin
2011-11-20 14:00:17 5072 ----a-w- c:\programdata\1321795367.5824.bin
2011-11-20 13:59:37 1670 ----a-w- c:\programdata\1321795367.5584.bin
2011-11-20 13:26:59 1698 ----a-w- c:\programdata\1321795367.2420.bin
2011-11-20 13:24:19 4467 ----a-w- c:\programdata\1321795367.1272.bin
2011-11-20 13:23:55 9323 ----a-w- c:\programdata\1321795367.5688.bin
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 00:06:31 8192 ----a-w- c:\windows\system32\srvany.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83C17000]<< >>UNKNOWN [0x8A011000]<< >>UNKNOWN [0x8AE5E000]<< >>UNKNOWN [0x8A120000]<< >>UNKNOWN [0x84029000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83C4E52A] -> \Device\Harddisk0\DR0[0x87B98AC8]
\Driver\Disk[0x8645AAF8] -> IRP_MJ_CREATE -> 0x8A01539F
3 [0x8A01559E] -> ntkrnlpa!IofCallDriver[0x83C4E52A] -> \Device\Ide\IAAStorageDevice-1[0x87157028]
\Driver\iaStor[0x87146CD0] -> IRP_MJ_CREATE -> 0x8A164AF8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV ES, AX; MOV DS, AX; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x660; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:25:16.57 ===============

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 11 January 2012 - 09:00 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 14 January 2012 - 02:59 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#6 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 16 January 2012 - 09:40 PM

im so sorry for late reply gringo_pr ( I apologize for that )

it is working now and this is the ComboFix report you request :


ComboFix 12-01-09.07 - User 01/17/2012 10:30:02.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.1974.1227 [GMT 8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 02:31 . 2012-01-17 02:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-17 02:31 . 2012-01-17 02:31 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-01-17 02:31 . 2012-01-17 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 02:31 . 2012-01-17 02:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-17 02:23 . 2012-01-17 02:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslc559f819.sys
2012-01-17 02:23 . 2012-01-17 02:28 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\offreg.dll
2012-01-16 12:45 . 2012-01-16 12:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-16 12:45 . 2012-01-16 12:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-16 12:45 . 2012-01-16 12:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-16 12:45 . 2012-01-16 12:45 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-15 02:27 . 2011-11-20 18:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\mpengine.dll
2012-01-13 17:00 . 2012-01-13 17:00 -------- d-----w- c:\users\User\AppData\Roaming\GRETECH
2012-01-11 08:26 . 2012-01-11 08:26 -------- d-----w- c:\program files\Foxit Software
2012-01-10 06:20 . 2012-01-17 02:31 -------- d-----w- c:\users\User\AppData\Local\temp
2012-01-10 05:37 . 2011-12-12 10:13 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\users\User\AppData\Roaming\RealNetworks
2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\users\User\AppData\Local\DDMSettings
2011-12-28 02:04 . 2011-12-28 02:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-12-28 01:46 . 2011-12-28 02:04 -------- d-----w- c:\program files\DivX
2011-12-28 01:43 . 2011-12-28 02:04 -------- d-----w- c:\programdata\DivX
2011-12-27 00:42 . 2011-11-20 18:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-26 06:32 . 2011-12-26 06:32 472576 ----a-w- c:\windows\AutoKMS.exe
2011-12-26 06:26 . 2011-12-26 06:26 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-26 06:25 . 2011-12-26 06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-26 06:24 . 2011-12-26 06:24 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-26 06:24 . 2012-01-16 04:15 -------- d-----w- c:\windows\SHELLNEW
2011-12-25 15:32 . 2011-12-25 15:46 -------- d-----w- c:\users\User\AppData\Local\Facebook
2011-12-25 00:59 . 2011-12-25 00:59 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF04AD16-196B-41B3-91C4-FEDDBFE2DAEA}\gapaengine.dll
2011-12-25 00:30 . 2011-12-25 00:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-24 23:34 . 2011-12-24 23:34 -------- d-----w- c:\program files\ESET
2011-12-24 10:57 . 2011-12-24 10:57 -------- d-----w- c:\programdata\SUPERSetup
2011-12-23 10:20 . 2011-12-23 10:20 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-23 10:20 . 2011-12-23 10:20 -------- d-----w- c:\program files\Trend Micro
2011-12-19 23:11 . 2011-12-19 23:11 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-19 23:11 . 2011-12-19 23:11 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-19 23:10 . 2011-12-19 23:10 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-19 23:10 . 2011-12-19 23:10 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-18 07:23 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-18 07:23 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-18 07:23 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-18 07:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-18 07:23 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-18 07:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 02:23 . 2011-11-01 14:01 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-12-19 23:10 . 2011-12-05 23:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-19 23:10 . 2011-12-05 23:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-17 01:13 . 2011-05-18 03:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 06:14 . 2011-12-15 06:14 45056 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2011-11-25 17:09 . 2011-11-25 17:17 89888 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-11-20 15:01 . 2011-11-20 14:59 28569 ----a-w- c:\programdata\1321795367.6060.bin
2011-11-20 15:01 . 2011-11-20 13:22 8623 ----a-w- c:\programdata\1321795367.5620.bin
2011-11-20 14:59 . 2011-11-20 13:22 291111 ----a-w- c:\programdata\1321795367.5420.bin
2011-11-20 14:59 . 2011-11-20 13:22 48826 ----a-w- c:\programdata\1321795367.5580.bin
2011-11-20 14:59 . 2011-11-20 13:24 35633 ----a-w- c:\programdata\1321795367.1252.bin
2011-11-20 14:00 . 2011-11-20 13:23 5072 ----a-w- c:\programdata\1321795367.5824.bin
2011-11-20 13:59 . 2011-11-20 13:26 1670 ----a-w- c:\programdata\1321795367.5584.bin
2011-11-20 13:26 . 2011-11-20 13:23 1698 ----a-w- c:\programdata\1321795367.2420.bin
2011-11-20 13:24 . 2011-11-20 13:24 4467 ----a-w- c:\programdata\1321795367.1272.bin
2011-11-20 13:23 . 2011-11-20 13:23 9323 ----a-w- c:\programdata\1321795367.5688.bin
2011-10-27 00:06 . 2011-10-27 00:10 8192 ----a-w- c:\windows\system32\srvany.exe
2012-01-16 12:45 . 2011-03-23 09:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-06-15 5730304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-6 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-25 11:51 136176 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-10-16 19:51 2363392 ------w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2010-09-21 08:34 5360232 ------w- c:\program files\Realtek\Audio\HDA\RtkNGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtkOSD]
2009-10-13 18:33 907264 ------w- c:\program files\Realtek\Audio\OSD\RtVOsd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-19 20:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-26 09:41 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 14:31 1721640 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 19:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun
"00saskda"="c:\program files\PC Security Tweaker\newlock.exe" saskda
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 MpKsl042a0d73;MpKsl042a0d73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E61F5EBC-635A-496F-AF75-2FE0714ED85C}\MpKsl042a0d73.sys [x]
R1 MpKsl0ea1a573;MpKsl0ea1a573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25D4536E-C1D1-4014-9ED5-B5F48BA11323}\MpKsl0ea1a573.sys [x]
R1 MpKsl0fd0d469;MpKsl0fd0d469;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E32C50E8-A925-46BD-8F98-31CC1693DE77}\MpKsl0fd0d469.sys [x]
R1 MpKsl1a70529e;MpKsl1a70529e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B83B4FEB-4EDC-495E-9B2B-B8C3DB85053D}\MpKsl1a70529e.sys [x]
R1 MpKsl1f66d8eb;MpKsl1f66d8eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7274B2EE-2446-4AB8-9461-2507B13F3D82}\MpKsl1f66d8eb.sys [x]
R1 MpKsl345ff89d;MpKsl345ff89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl345ff89d.sys [x]
R1 MpKsl3d4e38d4;MpKsl3d4e38d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKsl3d4e38d4.sys [x]
R1 MpKsl4198f956;MpKsl4198f956;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKsl4198f956.sys [x]
R1 MpKsl43899752;MpKsl43899752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl43899752.sys [x]
R1 MpKsl4a8ec23b;MpKsl4a8ec23b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl4a8ec23b.sys [x]
R1 MpKsl5970a414;MpKsl5970a414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D5B6B6A-B584-465E-ACCA-2A5A9BBE258E}\MpKsl5970a414.sys [x]
R1 MpKsl607de73f;MpKsl607de73f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAA1983-1D00-4577-A711-8ECF1E8F155E}\MpKsl607de73f.sys [x]
R1 MpKsl60ddeaec;MpKsl60ddeaec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsl60ddeaec.sys [x]
R1 MpKsl6661e9cd;MpKsl6661e9cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B140094-AE8C-44F4-8451-1AA23B17F346}\MpKsl6661e9cd.sys [x]
R1 MpKsl687ac184;MpKsl687ac184;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{238E4DFF-4C04-48BE-B47A-A2AB1F8625C6}\MpKsl687ac184.sys [x]
R1 MpKsl6e866b1a;MpKsl6e866b1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsl6e866b1a.sys [x]
R1 MpKsl88df4caa;MpKsl88df4caa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{251BC24C-E587-4269-8073-B7DD52FFACB7}\MpKsl88df4caa.sys [x]
R1 MpKsl8d9c778a;MpKsl8d9c778a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{286E863C-B7A1-43ED-BCB8-4DE91091D946}\MpKsl8d9c778a.sys [x]
R1 MpKsl9567116f;MpKsl9567116f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31FB6887-778C-4ED9-8497-77576E75C104}\MpKsl9567116f.sys [x]
R1 MpKsl9799d003;MpKsl9799d003;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E32C50E8-A925-46BD-8F98-31CC1693DE77}\MpKsl9799d003.sys [x]
R1 MpKsl9b901d22;MpKsl9b901d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B44C605-59D2-41DF-A7DC-F6FA70FADE00}\MpKsl9b901d22.sys [x]
R1 MpKsla7b51090;MpKsla7b51090;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsla7b51090.sys [x]
R1 MpKslabab3215;MpKslabab3215;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1AE5E6F-18E4-409B-8F90-CB7BF9A60305}\MpKslabab3215.sys [x]
R1 MpKslb0002297;MpKslb0002297;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AA4BAC9-5AB3-490D-BD1D-0E6C88EFF73C}\MpKslb0002297.sys [x]
R1 MpKslb14b807b;MpKslb14b807b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslb14b807b.sys [x]
R1 MpKslb582f02f;MpKslb582f02f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFBBA462-5903-496D-BE39-DFB231A3590B}\MpKslb582f02f.sys [x]
R1 MpKslb7cfdd55;MpKslb7cfdd55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{295D1F51-B3A9-42BA-BF48-FAD6131F73D7}\MpKslb7cfdd55.sys [x]
R1 MpKslbcdc4c83;MpKslbcdc4c83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B83B4FEB-4EDC-495E-9B2B-B8C3DB85053D}\MpKslbcdc4c83.sys [x]
R1 MpKslbefbf21f;MpKslbefbf21f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKslbefbf21f.sys [x]
R1 MpKslc4c54190;MpKslc4c54190;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslc4c54190.sys [x]
R1 MpKsld2abd823;MpKsld2abd823;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FD448F7-BA44-4924-A22E-021C51895DB7}\MpKsld2abd823.sys [x]
R1 MpKsld62d777d;MpKsld62d777d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{295D1F51-B3A9-42BA-BF48-FAD6131F73D7}\MpKsld62d777d.sys [x]
R1 MpKsld64e2ccc;MpKsld64e2ccc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFBBA462-5903-496D-BE39-DFB231A3590B}\MpKsld64e2ccc.sys [x]
R1 MpKsle1d1e714;MpKsle1d1e714;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\MpKsle1d1e714.sys [x]
R1 MpKsle4539ac1;MpKsle4539ac1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90B95510-EFBE-44A4-A8AD-D05C1463B4B0}\MpKsle4539ac1.sys [x]
R1 MpKslf1182d05;MpKslf1182d05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\MpKslf1182d05.sys [x]
R1 MpKslff73897f;MpKslff73897f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B44C605-59D2-41DF-A7DC-F6FA70FADE00}\MpKslff73897f.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Firefox Service;Firefox Service;c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-10-27 8192]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-22 29472]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\g10\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 OracleServiceXE;OracleServiceXE;c:\g10\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R4 OracleXETNSListener;OracleXETNSListener;c:\g10\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S1 MpKslc559f819;MpKslc559f819;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslc559f819.sys [2012-01-17 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2010-12-03 1459424]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-11-25 89888]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLC559F819
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 08:43]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 08:43]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631552745-2103473267-2274662419-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631552745-2103473267-2274662419-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2012-01-14 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-01-05 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-04-21 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.my/
mStart Page = hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.172 10.1.2.196
TCP: Interfaces\{95AACCE9-77AF-4500-A91F-340E59B42365}: NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/webhp?ie=UTF-8&oe=UTF-8
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,83,90,
1c,e1,9e,33,02,a3,72,3f,0b,7f,29,a5,ac
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a4,27,33,
43,e5,b1,93,0f,ba,a7,28,e9,ce,e3,c3,33
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,91,
68,f3,66,48,02,ac,f6,4c,fc,1f,7a,e6,61
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c1,73,f2,31,0c,a7,7b,db,65,c3,87,cd,b6
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"=hex:51,66,7a,6c,4c,1d,3b,1b,fb,b9,16,
c7,cb,1c,0a,02,82,d7,a1,3f,94,0e,ed,0c
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,90,4e,
fb,20,d3,cb,0d,9a,e5,9b,d4,ee,58,8a,0f
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,eb,28,
f9,73,8f,70,09,98,ff,c6,df,74,e3,dc,e7
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,3b,1b,ff,59,ee,
3b,5b,61,39,02,80,00,cd,c9,d1,60,d5,77
"{EE9A4208-64EC-11DE-8440-204256D89593}"=hex:51,66,7a,6c,4c,1d,3b,1b,18,5f,8e,
f4,da,32,b4,5e,9f,4f,67,02,54,9a,d0,8c
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
a7,53,94,ba,5e,a7,e2,47,e0,cb,48,f0,10
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,40,
30,c0,0d,0f,09,b3,ac,88,e9,65,6c,07,8e
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
e5,6c,9a,44,01,a4,34,d1,a9,2b,94,10,1c
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a9,5d,2f,b1,a7,a7,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,a8,03,3b,99,3e,e8,44,a9,4d,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,a8,03,3b,99,3e,e8,44,a9,4d,68,\
.
[HKEY_USERS\S-1-5-21-3631552745-2103473267-2274662419-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):31,ad,75,ac,99,82,c5,cf,7c,36,88,06,a5,4c,30,bf,23,b7,b3,4f,ec,
56,37,01,59,ee,bd,c3,f5,fa,cc,33,5e,3e,23,3f,71,33,f2,36,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2972)
c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2012-01-17 10:34:55
ComboFix-quarantined-files.txt 2012-01-17 02:34
ComboFix2.txt 2012-01-15 01:11
ComboFix3.txt 2012-01-10 13:58
ComboFix4.txt 2012-01-10 06:26
.
Pre-Run: 20,022,489,088 bytes free
Post-Run: 20,034,281,472 bytes free
.
- - End Of File - - 17977C631D7361D862115DAEBF1F8E2D

#7 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 16 January 2012 - 09:42 PM

just one more question, can you tell me what caused this problem in order to avoid it in the future

really many thanks to you

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 09:57 PM

Hello

there is no way for me to tell where it came from


Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

    In your next post I need the following

    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 18 January 2012 - 02:30 AM

the computer is doing well now & i didnt face any problem so far
thx for helping & this is the report :

ComboFix 12-01-09.07 - User 01/18/2012 15:12:44.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.1974.1224 [GMT 8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 07:14 . 2012-01-18 07:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-18 07:14 . 2012-01-18 07:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-01-18 07:14 . 2012-01-18 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 07:14 . 2012-01-18 07:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-17 23:10 . 2012-01-17 23:10 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBA949F-2467-4C02-91B0-3FE96C418BE2}\MpKslaee29149.sys
2012-01-17 23:09 . 2012-01-17 23:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBA949F-2467-4C02-91B0-3FE96C418BE2}\offreg.dll
2012-01-17 02:35 . 2011-11-20 18:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBA949F-2467-4C02-91B0-3FE96C418BE2}\mpengine.dll
2012-01-16 12:45 . 2012-01-16 12:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-16 12:45 . 2012-01-16 12:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-16 12:45 . 2012-01-16 12:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-16 12:45 . 2012-01-16 12:45 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-13 17:00 . 2012-01-13 17:00 -------- d-----w- c:\users\User\AppData\Roaming\GRETECH
2012-01-11 08:26 . 2012-01-11 08:26 -------- d-----w- c:\program files\Foxit Software
2012-01-10 06:20 . 2012-01-18 07:14 -------- d-----w- c:\users\User\AppData\Local\temp
2012-01-10 05:37 . 2011-12-12 10:13 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-10 00:52 . 2012-01-10 00:52 -------- d-----w- c:\users\User\AppData\Roaming\RealNetworks
2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\users\User\AppData\Local\DDMSettings
2011-12-28 02:04 . 2011-12-28 02:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-12-28 01:46 . 2011-12-28 02:04 -------- d-----w- c:\program files\DivX
2011-12-28 01:43 . 2011-12-28 02:04 -------- d-----w- c:\programdata\DivX
2011-12-27 00:42 . 2011-11-20 18:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-26 06:32 . 2011-12-26 06:32 472576 ----a-w- c:\windows\AutoKMS.exe
2011-12-26 06:26 . 2011-12-26 06:26 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-26 06:25 . 2011-12-26 06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-26 06:24 . 2011-12-26 06:24 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-26 06:24 . 2012-01-16 04:15 -------- d-----w- c:\windows\SHELLNEW
2011-12-25 15:32 . 2011-12-25 15:46 -------- d-----w- c:\users\User\AppData\Local\Facebook
2011-12-25 00:59 . 2011-12-25 00:59 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF04AD16-196B-41B3-91C4-FEDDBFE2DAEA}\gapaengine.dll
2011-12-25 00:30 . 2011-12-25 00:31 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-24 23:34 . 2011-12-24 23:34 -------- d-----w- c:\program files\ESET
2011-12-24 10:57 . 2011-12-24 10:57 -------- d-----w- c:\programdata\SUPERSetup
2011-12-23 10:20 . 2011-12-23 10:20 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-23 10:20 . 2011-12-23 10:20 -------- d-----w- c:\program files\Trend Micro
2011-12-19 23:11 . 2011-12-19 23:11 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-19 23:11 . 2011-12-19 23:11 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-19 23:10 . 2011-12-19 23:10 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-19 23:10 . 2011-12-19 23:10 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 07:10 . 2011-11-01 14:01 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-12-19 23:10 . 2011-12-05 23:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-19 23:10 . 2011-12-05 23:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-17 01:13 . 2011-05-18 03:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 06:14 . 2011-12-15 06:14 45056 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2011-11-25 17:09 . 2011-11-25 17:17 89888 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-11-24 04:25 . 2011-12-18 07:23 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 15:01 . 2011-11-20 14:59 28569 ----a-w- c:\programdata\1321795367.6060.bin
2011-11-20 15:01 . 2011-11-20 13:22 8623 ----a-w- c:\programdata\1321795367.5620.bin
2011-11-20 14:59 . 2011-11-20 13:22 291111 ----a-w- c:\programdata\1321795367.5420.bin
2011-11-20 14:59 . 2011-11-20 13:22 48826 ----a-w- c:\programdata\1321795367.5580.bin
2011-11-20 14:59 . 2011-11-20 13:24 35633 ----a-w- c:\programdata\1321795367.1252.bin
2011-11-20 14:00 . 2011-11-20 13:23 5072 ----a-w- c:\programdata\1321795367.5824.bin
2011-11-20 13:59 . 2011-11-20 13:26 1670 ----a-w- c:\programdata\1321795367.5584.bin
2011-11-20 13:26 . 2011-11-20 13:23 1698 ----a-w- c:\programdata\1321795367.2420.bin
2011-11-20 13:24 . 2011-11-20 13:24 4467 ----a-w- c:\programdata\1321795367.1272.bin
2011-11-20 13:23 . 2011-11-20 13:23 9323 ----a-w- c:\programdata\1321795367.5688.bin
2011-11-05 04:26 . 2011-12-18 07:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-18 07:29 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-18 07:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-18 07:29 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-18 07:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 00:06 . 2011-10-27 00:10 8192 ----a-w- c:\windows\system32\srvany.exe
2011-10-26 04:47 . 2011-12-18 07:23 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:47 . 2011-12-18 07:23 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:28 . 2011-12-18 07:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-16 12:45 . 2011-03-23 09:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-06-15 5730304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-6 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-25 11:51 136176 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-10-16 19:51 2363392 ------w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2010-09-21 08:34 5360232 ------w- c:\program files\Realtek\Audio\HDA\RtkNGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtkOSD]
2009-10-13 18:33 907264 ------w- c:\program files\Realtek\Audio\OSD\RtVOsd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-19 20:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-26 09:41 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 14:31 1721640 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 19:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun
"00saskda"="c:\program files\PC Security Tweaker\newlock.exe" saskda
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 MpKsl042a0d73;MpKsl042a0d73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E61F5EBC-635A-496F-AF75-2FE0714ED85C}\MpKsl042a0d73.sys [x]
R1 MpKsl0ea1a573;MpKsl0ea1a573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25D4536E-C1D1-4014-9ED5-B5F48BA11323}\MpKsl0ea1a573.sys [x]
R1 MpKsl0fd0d469;MpKsl0fd0d469;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E32C50E8-A925-46BD-8F98-31CC1693DE77}\MpKsl0fd0d469.sys [x]
R1 MpKsl1a70529e;MpKsl1a70529e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B83B4FEB-4EDC-495E-9B2B-B8C3DB85053D}\MpKsl1a70529e.sys [x]
R1 MpKsl1f66d8eb;MpKsl1f66d8eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7274B2EE-2446-4AB8-9461-2507B13F3D82}\MpKsl1f66d8eb.sys [x]
R1 MpKsl345ff89d;MpKsl345ff89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl345ff89d.sys [x]
R1 MpKsl3d4e38d4;MpKsl3d4e38d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKsl3d4e38d4.sys [x]
R1 MpKsl4198f956;MpKsl4198f956;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKsl4198f956.sys [x]
R1 MpKsl43899752;MpKsl43899752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl43899752.sys [x]
R1 MpKsl4a8ec23b;MpKsl4a8ec23b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{886DD63E-D195-4E84-976F-A24BFB3E90D1}\MpKsl4a8ec23b.sys [x]
R1 MpKsl5970a414;MpKsl5970a414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D5B6B6A-B584-465E-ACCA-2A5A9BBE258E}\MpKsl5970a414.sys [x]
R1 MpKsl607de73f;MpKsl607de73f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAA1983-1D00-4577-A711-8ECF1E8F155E}\MpKsl607de73f.sys [x]
R1 MpKsl60ddeaec;MpKsl60ddeaec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsl60ddeaec.sys [x]
R1 MpKsl6661e9cd;MpKsl6661e9cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B140094-AE8C-44F4-8451-1AA23B17F346}\MpKsl6661e9cd.sys [x]
R1 MpKsl687ac184;MpKsl687ac184;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{238E4DFF-4C04-48BE-B47A-A2AB1F8625C6}\MpKsl687ac184.sys [x]
R1 MpKsl6e866b1a;MpKsl6e866b1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsl6e866b1a.sys [x]
R1 MpKsl88df4caa;MpKsl88df4caa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{251BC24C-E587-4269-8073-B7DD52FFACB7}\MpKsl88df4caa.sys [x]
R1 MpKsl8d9c778a;MpKsl8d9c778a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{286E863C-B7A1-43ED-BCB8-4DE91091D946}\MpKsl8d9c778a.sys [x]
R1 MpKsl9567116f;MpKsl9567116f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31FB6887-778C-4ED9-8497-77576E75C104}\MpKsl9567116f.sys [x]
R1 MpKsl9799d003;MpKsl9799d003;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E32C50E8-A925-46BD-8F98-31CC1693DE77}\MpKsl9799d003.sys [x]
R1 MpKsl9b901d22;MpKsl9b901d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B44C605-59D2-41DF-A7DC-F6FA70FADE00}\MpKsl9b901d22.sys [x]
R1 MpKsla7b51090;MpKsla7b51090;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKsla7b51090.sys [x]
R1 MpKslabab3215;MpKslabab3215;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1AE5E6F-18E4-409B-8F90-CB7BF9A60305}\MpKslabab3215.sys [x]
R1 MpKslb0002297;MpKslb0002297;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AA4BAC9-5AB3-490D-BD1D-0E6C88EFF73C}\MpKslb0002297.sys [x]
R1 MpKslb14b807b;MpKslb14b807b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslb14b807b.sys [x]
R1 MpKslb582f02f;MpKslb582f02f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFBBA462-5903-496D-BE39-DFB231A3590B}\MpKslb582f02f.sys [x]
R1 MpKslb7cfdd55;MpKslb7cfdd55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{295D1F51-B3A9-42BA-BF48-FAD6131F73D7}\MpKslb7cfdd55.sys [x]
R1 MpKslbcdc4c83;MpKslbcdc4c83;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B83B4FEB-4EDC-495E-9B2B-B8C3DB85053D}\MpKslbcdc4c83.sys [x]
R1 MpKslbefbf21f;MpKslbefbf21f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25BF4E5-F1A5-4443-A93E-AE7664DC8990}\MpKslbefbf21f.sys [x]
R1 MpKslc4c54190;MpKslc4c54190;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslc4c54190.sys [x]
R1 MpKslc559f819;MpKslc559f819;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59297700-4C2B-4810-96B7-8803833D035F}\MpKslc559f819.sys [x]
R1 MpKsld1fccf3a;MpKsld1fccf3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBA949F-2467-4C02-91B0-3FE96C418BE2}\MpKsld1fccf3a.sys [x]
R1 MpKsld2abd823;MpKsld2abd823;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1FD448F7-BA44-4924-A22E-021C51895DB7}\MpKsld2abd823.sys [x]
R1 MpKsld62d777d;MpKsld62d777d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{295D1F51-B3A9-42BA-BF48-FAD6131F73D7}\MpKsld62d777d.sys [x]
R1 MpKsld64e2ccc;MpKsld64e2ccc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFBBA462-5903-496D-BE39-DFB231A3590B}\MpKsld64e2ccc.sys [x]
R1 MpKsle1d1e714;MpKsle1d1e714;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\MpKsle1d1e714.sys [x]
R1 MpKsle4539ac1;MpKsle4539ac1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90B95510-EFBE-44A4-A8AD-D05C1463B4B0}\MpKsle4539ac1.sys [x]
R1 MpKslf1182d05;MpKslf1182d05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7612C1A5-FEE6-4B8D-B222-B45294A3C751}\MpKslf1182d05.sys [x]
R1 MpKslff73897f;MpKslff73897f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B44C605-59D2-41DF-A7DC-F6FA70FADE00}\MpKslff73897f.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Firefox Service;Firefox Service;c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-10-27 8192]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-22 29472]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\g10\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 OracleServiceXE;OracleServiceXE;c:\g10\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R4 OracleXETNSListener;OracleXETNSListener;c:\g10\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
R4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S1 MpKslaee29149;MpKslaee29149;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBA949F-2467-4C02-91B0-3FE96C418BE2}\MpKslaee29149.sys [2012-01-17 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2010-12-03 1459424]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-11-25 89888]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S4 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]
S4 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLAEE29149
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 08:43]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 08:43]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631552745-2103473267-2274662419-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631552745-2103473267-2274662419-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2012-01-14 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-01-05 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-04-21 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.my/
mStart Page = hxxp://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.172 10.1.2.196
TCP: Interfaces\{95AACCE9-77AF-4500-A91F-340E59B42365}: NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/webhp?ie=UTF-8&oe=UTF-8
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,83,90,
1c,e1,9e,33,02,a3,72,3f,0b,7f,29,a5,ac
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,3b,1b,a4,27,33,
43,e5,b1,93,0f,ba,a7,28,e9,ce,e3,c3,33
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,91,
68,f3,66,48,02,ac,f6,4c,fc,1f,7a,e6,61
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c1,73,f2,31,0c,a7,7b,db,65,c3,87,cd,b6
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"=hex:51,66,7a,6c,4c,1d,3b,1b,fb,b9,16,
c7,cb,1c,0a,02,82,d7,a1,3f,94,0e,ed,0c
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,90,4e,
fb,20,d3,cb,0d,9a,e5,9b,d4,ee,58,8a,0f
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,3b,1b,12,eb,28,
f9,73,8f,70,09,98,ff,c6,df,74,e3,dc,e7
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,3b,1b,ff,59,ee,
3b,5b,61,39,02,80,00,cd,c9,d1,60,d5,77
"{EE9A4208-64EC-11DE-8440-204256D89593}"=hex:51,66,7a,6c,4c,1d,3b,1b,18,5f,8e,
f4,da,32,b4,5e,9f,4f,67,02,54,9a,d0,8c
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
a7,53,94,ba,5e,a7,e2,47,e0,cb,48,f0,10
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,40,
30,c0,0d,0f,09,b3,ac,88,e9,65,6c,07,8e
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
e5,6c,9a,44,01,a4,34,d1,a9,2b,94,10,1c
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a9,5d,2f,b1,a7,a7,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,a8,03,3b,99,3e,e8,44,a9,4d,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,a8,03,3b,99,3e,e8,44,a9,4d,68,\
.
[HKEY_USERS\S-1-5-21-3631552745-2103473267-2274662419-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):31,ad,75,ac,99,82,c5,cf,7c,36,88,06,a5,4c,30,bf,23,b7,b3,4f,ec,
56,37,01,59,ee,bd,c3,f5,fa,cc,33,5e,3e,23,3f,71,33,f2,36,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5700)
c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2012-01-18 15:17:22
ComboFix-quarantined-files.txt 2012-01-18 07:17
ComboFix2.txt 2012-01-17 02:34
ComboFix3.txt 2012-01-15 01:11
ComboFix4.txt 2012-01-10 13:58
ComboFix5.txt 2012-01-18 07:11
.
Pre-Run: 19,668,987,904 bytes free
Post-Run: 19,602,001,920 bytes free
.
- - End Of File - - 7BD50FB29E21DDF6026D8D9DA8B8C59C

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2012 - 12:16 PM

Hello


I forgot to ask before - Is the firewall working yet?



TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

    In your next post I need the following

    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 19 January 2012 - 08:58 AM

yp my firewall is working now , i just face one problem which is when i enter my password it is take around 20 second to start and sometime the laptop is become slowly when open software or browsing some things

this is the 1st report from MBAM :

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: HAJI-PC [administrator]

Protection: Enabled

1/19/2012 2:54:04 PM
mbam-log-2012-01-19 (14-54-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222138
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=e13ac9ee-dc7b-11e0-be4a-c80aa923d2da) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and this is 2ed report from hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:00:07 PM, on 23/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{95AACCE9-77AF-4500-A91F-340E59B42365}: NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
O17 - HKLM\System\CS1\Services\Tcpip\..\{95AACCE9-77AF-4500-A91F-340E59B42365}: NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
O17 - HKLM\System\CS2\Services\Tcpip\..\{95AACCE9-77AF-4500-A91F-340E59B42365}: NameServer = 10.101.150.11,10.101.150.15,10.1.2.11,10.2.1.252,10.2.1.156
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Program Files\Prey\platform\windows\cronsvc.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\PC Security Tweaker\newlock.exe
O23 - Service: Firefox Service - Unknown owner - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe

--
End of file - 8185 bytes

#12 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 11:54 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

see if this helps with the speed

1.Click on "Start" and point to "Search".
2.Write "device" into the search box and Press "Search".
3.Select "Device Manager" in the search results.
4.Open the Disk Drive branch.
5.Click the hard disk for its property sheet.
6.Activate "Enable Write Caching" on the Device check box.
7.For maximum performance, activate the "Turn Off Windows Write-Cache Buffer Flushing on the Device" too.
8.Click "OK"

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo

This post has been edited by gringo_pr: 19 January 2012 - 11:56 AM

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 21 January 2012 - 06:55 PM

Gringo thanks a lot for helping me

but the online scanner is taking long time + im using wireless so some time i lose the connection

is there any alternative solution such as download ESET and scan all drives in normal scan?

#14 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 21 January 2012 - 08:45 PM

try this and see if it does any better


F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window
        In Interner Explorer
      • It will require an activex control, please install it
      • Click Accept


        In Firefox
      • It will require an Add-on to be installed, please install it
      • Order to install the Add-on Firefox needs to be restarted, please do so

  • Click Full System Scan
  • It will now download the scanner this may take a while please be patient
  • It will then start scanning wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan copy and paste those results as a reply to this topic



Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   M.H 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 09-January 12

Posted 21 January 2012 - 10:10 PM

hi Gringo

i managed to complete ESET scanner and found 26, this is the result :

C:\Documents and Settings\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\plugin3@gameplaylabs.com\chrome\content\overlay.js Win32/Adware.GamePlayLabs application
C:\Documents and Settings\User\Documents\Downloads\Compressed\كيجن\كيجن\keygen.exe a variant of Win32/Keygen.AR application
C:\Documents and Settings\User\Documents\Downloads\Programs\AdvancedPCTweaker.exe a variant of Win32/Adware.AdvPCTweak application
C:\Documents and Settings\User\Documents\Downloads\Programs\cnet_KMPlayer_EN_3_0_0_1441_R2_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\User\Documents\Downloads\Programs\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Program Files\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.AdvPCTweak application
C:\SwSetup\softwar\e-drow family\edrawmax.exe a variant of Win32/KeyLogger.Ardamax.NAS application
C:\SwSetup\softwar\e-drow family\EDrawNetDiagram.exe a variant of Win32/KeyLogger.Ardamax.NAS application
C:\SwSetup\softwar\e-drow family\EDrawOrgChart.exe a variant of Win32/KeyLogger.Ardamax.NAS application
C:\SwSetup\softwar\e-drow family\EDrawSetup.exe a variant of Win32/KeyLogger.Ardamax.NAS application
C:\SwSetup\softwar\e-drow family\EDrawSoftDiagram.exe a variant of Win32/KeyLogger.Ardamax.NAS application
C:\SwSetup\softwar\e-drow family\Portable Edraw Flowchart v5.1.0.1214 by Birungueta\Portable Edraw Flowchart v5.1.0.1214.exe a variant of Win32/KeyLogger.Ardamax.NAS application
C:\SwSetup\softwar\ESET NOD32 Smart Security 3.0\ESET NOD32 Smart Security 3.0.621(KNIGHTY1973)\ESET.BREAK.v1.0.exe Win32/HackAV.FA application
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\plugin3@gameplaylabs.com\chrome\content\overlay.js Win32/Adware.GamePlayLabs application
C:\Users\User\Documents\Downloads\Compressed\كيجن\كيجن\keygen.exe a variant of Win32/Keygen.AR application
C:\Users\User\Documents\Downloads\Programs\AdvancedPCTweaker.exe a variant of Win32/Adware.AdvPCTweak application
C:\Users\User\Documents\Downloads\Programs\cnet_KMPlayer_EN_3_0_0_1441_R2_exe.exe a variant of Win32/InstallCore.D application
C:\Users\User\Documents\Downloads\Programs\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Windows\AutoKMS.exe Win32/HackKMS application
G:\ACAD 2008\AutoCAD-2008-keygen.exe a variant of Win32/Keygen.BT application
G:\my study\is\Information Security (INFO 2602)\It Security Group Project\Live CD OPHCRACK\ophcrack-win32-installer-3.3.1.exe multiple threats
G:\my study\media\cd network 6\CD 6 - Arabsdurra\Visit-Arabsdurra.exe Win32/Packed.Autoit.A.Gen application
G:\my study\program\Aurora Presentation 3D v11.4.19.0\KeyGen Aurora Presentation 3D\keygen.exe a variant of Win32/Keygen.AN application
G:\program\PDF\PDF Password Remover v3.0 on Msr\setup.exe probably a variant of Win32/PSWTool.PdfCracker.A application
G:\program\PDF\PDF Password Remover v3.0 on Msr\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application
G:\program\Smartphoneware.Best.Blacklist.v3.0.S60v3.SymbianOS9.incl.Keygen-HSpda_2\keygen.exe a variant of Win32/Keygen.BV application

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users