
Recurring XP Security 2012 infection


  • This topic is locked
13 replies to this topic

#1 lkass

lkass

  • Members
  • 17 posts

Posted 17 December 2011 - 09:44 AM

I seem to have a recurring infection of XP Security 2012. I first started a week ago with a messed up machine. I had ping.exe running as a service, I had a browser hijacker that I think was called "get-results-fast." Any URL was hijacked to a pseudo search site with ads. At the same time I got an XP Security 2012 infection. I first just went to task manager and ended any odd looking processes, which killed the hijacker. Then through a search, I found this site, downloaded rkill.exe, tdss.exe, and ccleaner. I ran all of them and without rebooting ran Malwarebytes Anti-Malware. That all did the trick, everything was fine and normal. About 24 hours later, XP Security 2012 was back. I went to task manager, killed three letter processes, ran rkill.exe and Anti-Malware. Everything was fine. This keeps happening daily. Some days the infection starts when my AV finds and quarantines a trojan (TR/Fake.Rean4562 or TR/Dldr.Tracur.AH.249). Getting my PC to run normally is relatively easy and quick, but it sure is strange and it happens each evening. As instructed, I've run DeFogger and disabled CD Emulation, run DDS and GMER.

The logs are attached. I've zipped each of them separately.


#2 lkass

lkass
  • Topic Starter

  • Members
  • 17 posts

Posted 22 December 2011 - 05:07 PM

Bumping from a little desperation. This morphed into Security Sphere 2012 and now intercepts even task manager and rkill.

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts

Posted 23 December 2011 - 09:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432968 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
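HelpBot asks for a DDS log, and the "Running Processes", "Pseudo HJT Report" and "FIREFOX" sections DDS produces are what a helper reads first when looking for the autorun or process that keeps bringing a rogue back. The script below is an added editorial example and is not part of this thread, nor a BleepingComputer or DDS tool. It splits a DDS log into its sections and flags what a helper would look at more closely: processes listed without a full path, uRun/mRun autoruns launched from outside Windows or Program Files, and a Firefox default search URL pointing at a host other than a known engine (the conduit.com entry in the log posted later in this thread is exactly that kind of finding). The sample log, the `sample.exe` entries, and the `TRUSTED_ROOTS` and `KNOWN_SEARCH_HOSTS` lists are constructed assumptions.

```python
"""Triage helper for DDS log text (added editorial example; not a BleepingComputer or DDS tool)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS layout seen later in this thread. The bare "svchost.exe"
# line and the conduit search URL mirror real entries from that log; every "sample.exe"
# entry is a constructed placeholder, not a file from the poster's machine.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\admin\Local Settings\Application Data\sample.exe
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sample] c:\documents and settings\admin\application data\sample.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
"""

# Assumed trust roots and search engines; tune these for the machine being examined.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
IMAGE_PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)
RUN_RE = re.compile(r"^[um]Run: \[(.+?)\] (.+)$")
FF_SEARCH_RE = re.compile(r"^FF - (?:prefs|user)\.js: browser\.search\.defaulturl - (\S+)$")
URL_HOST_RE = re.compile(r"^hxxps?://([^/]+)", re.IGNORECASE)

Finding = Tuple[str, str]


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under their '==== Name ====' header; DDS's lone '.' spacer lines are dropped."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def _outside_trusted_roots(path: str) -> bool:
    return not path.lower().startswith(TRUSTED_ROOTS)


def flag_processes(lines: List[str]) -> List[Finding]:
    """Processes listed with no full path, or with a path outside Windows / Program Files."""
    findings = []
    for line in lines:
        image = IMAGE_PATH_RE.search(line)
        if image is None:
            findings.append((line, "no full path recorded"))
        elif _outside_trusted_roots(image.group(1)):
            findings.append((line, "runs from outside Windows/Program Files"))
    return findings


def flag_autoruns(lines: List[str]) -> List[Finding]:
    """uRun/mRun entries whose launched image (exe or rundll32 dll) is not under a trusted root."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m is None:
            continue
        name, command = m.groups()
        image = IMAGE_PATH_RE.search(command)
        if image is None or _outside_trusted_roots(image.group(1)):
            findings.append((name, command))
    return findings


def flag_firefox_search(lines: List[str]) -> List[Finding]:
    """Default-search URLs (DDS defangs them to hxxp) whose host is outside the known set."""
    findings = []
    for line in lines:
        m = FF_SEARCH_RE.match(line)
        if m is None:
            continue
        url = m.group(1)
        host_match = URL_HOST_RE.match(url)
        host = host_match.group(1).lower() if host_match else "(unparsed)"
        if host not in KNOWN_SEARCH_HOSTS:
            findings.append((host, url))
    return findings


def triage(text: str) -> Dict[str, List[Finding]]:
    """Run all three checks over a DDS log and return the findings per category."""
    sections = split_sections(text)
    return {
        "processes": flag_processes(sections.get("running processes", [])),
        "autoruns": flag_autoruns(sections.get("pseudo hjt report", [])),
        "search_hijack": flag_firefox_search(sections.get("firefox", [])),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(category)
        for item in items:
            print("  ", item)
```

To use it on a real log, pass the saved DDS text to `triage()`; a flag is a prompt to look closer, not a verdict, since legitimate software does start from user profile folders and DDS can list a process without a path for reasons other than malware. The `hxxp` handling matters because DDS deliberately defangs URLs, so a check that expects `http://` would silently miss every search-hijack entry.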

#4 lkass

lkass
  • Topic Starter

  • Members
  • 17 posts

Posted 23 December 2011 - 10:59 PM

I seem to have a recurring infection of XP Security 2012. I first started a week ago with a messed up machine. I had ping.exe running as a service, I had a browser hijacker that I think was called "get-results-fast." Any URL was hijacked to a pseudo search site with ads. At the same time I got an XP Security 2012 infection. I first just went to task manager and ended any odd looking processes, which killed the hijacker. Then through a search, I found this site, downloaded rkill.exe, tdss.exe, and ccleaner. I ran all of them and without rebooting ran Malwarebytes Anti-Malware. That all did the trick, everything was fine and normal. About 24 hours later, XP Security 2012 was back. I went to task manager, killed three letter processes, ran rkill.exe and Anti-Malware. Everything was fine. This keeps happening daily. Some days the infection starts when my AV finds and quarantines a trojan (TR/Fake.Rean4562 or TR/Dldr.Tracur.AH.249). Getting my PC to run normally was relatively easy and quick, but the infection seems to have morphed into something called Security Sphere 2012 after a week. This is a bit nastier. It seems to intercept when I try to run almost all .exe files. At first, I couldn't get Rkill to run, not even when I renamed it. It even blocked taskmanager.exe! I was able to get Rkill to run as iexplore.exe, and then ran Malwarebytes Anti-Malware. It picked up several infections, but when I rebooted as instructed by Anti-Malware, Security Sphere was back again. After running Anti-Malware and rebooting several times with Security Sphere 2012 returning and hijacking my PC each time, I tried SUPERAntiSpyware. This seems to have killed it, BUT my anti-virus picked up a trojan, TR/FakeAV.Agent.clz. As instructed, I've run DeFogger and disabled CD Emulation, run DDS and GMER.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by ADMIN at 17:19:07 on 2011-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1257 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299688309192
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EEC10023-F81E-48C4-A13F-9CBDB3868F37} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\j01lz9c2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\nitro pdf\reader\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1315308460
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1315308700
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1315308580
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313202072
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304691784
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1315329940
FF - user.js: browser.bookmarks.editDialog.firstEditField - tagsField
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
FF - user.js: browser.download.lastDir - c:\\documents and settings\\admin\\my documents\\jobs\\McAfee
FF - user.js: browser.download.manager.alertOnEXEOpen - true
FF - user.js: browser.feeds.handler.default - bookmarks
FF - user.js: browser.feeds.handlers.application - c:\\program files\\sharpreader\\SharpReader.exe
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.open.lastDir - c:\\documents and settings\\admin\\my documents\\downloads\\Fired to Hired_ Bouncing Back From Job Loss to Get to Work Right Now
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultthis.engineName - Freecorder Customized Web Search
FF - user.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - about:home
FF - user.js: browser.startup.homepage_override.buildID - 20110830092941
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: extensions.artur.dubovoy@gmail.com.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 111
FF - user.js: extensions.blocklist.pingCountVersion - 5
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0,jqs@sun.com:1.0,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,jqs@sun.com:1.0,smartwebprinting@hp.com:4.5,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0,artur.dubovoy@gmail.com:2.0.21,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.epubreader.button_added - true
FF - user.js: extensions.epubreader.count.column.content - single
FF - user.js: extensions.epubreader.dir.import - c:\\documents and settings\\admin\\my documents\\downloads\\50 Psychology Classics
FF - user.js: extensions.epubreader.dir.save - c:\\documents and settings\\admin\\my documents\\My Digital Editions
FF - user.js: extensions.epubreader.dir.sync - c:\\documents and settings\\admin\\My Documents
FF - user.js: extensions.epubreader.paging_dir.content - 2
FF - user.js: extensions.epubreader.toc_collapsed - true
FF - user.js: extensions.epubreader.toolbar_hint_shown - true
FF - user.js: extensions.epubreader.version - 1.4.1.0
FF - user.js: extensions.epubreader.width.frame.left - 120
FF - user.js: extensions.hpsmartwebprinting.firstRun - false
FF - user.js: extensions.imagegrabber.lastdldir - c:\\documents and settings\\admin\\my documents\\My Pictures
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\program files\\\\hp\\\\digital imaging\\\\smart web printing\\\\mozillaaddon3\,\mtime\:1299782529078},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1299849842734},\jqs@sun.com\:{\descriptor\:\c:\\\\program files\\\\java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1299691763968}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1314878658828},\{cafeefac-0016-0000-0022-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0022-abcdeffedcba}\,\mtime\:1299691772515},\{cafeefac-0016-0000-0024-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0024-abcdeffedcba}\,\mtime\:1299809331187},\{cafeefac-0016-0000-0026-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0026-abcdeffedcba}\,\mtime\:1309957763218}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\program files\\\\hp\\\\digital imaging\\\\smart web printing\\\\mozillaaddon3\,\mtime\:1299782529078}}},{\name\:\app-profile\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\documents and settings\\\\admin\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\j01lz9c2.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1299871350250},\{5384767e-00d9-40e9-b72f-9cc39d655d6f}\:{\descriptor\:\c:\\\\documents and settings\\\\admin\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\j01lz9c2.default\\\\extensions\\\\{5384767e-00d9-40e9-b72f-9cc39d655d6f}\,\mtime\:1306428371437},\{e4091d66-127c-11db-903a-de80d2efdfe8}\:{\descriptor\:\c:\\\\documents and settings\\\\admin\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\j01lz9c2.default\\\\extensions\\\\{e4091d66-127c-11db-903a-de80d2efdfe8}\,\mtime\:1314987004140}}}]
FF - user.js: extensions.jqs@sun.com.install-event-fired - true
FF - user.js: extensions.lastAppVersion - 6.0.1
FF - user.js: extensions.lastPlatformVersion - 6.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.register@pgport.com.data - {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,fvd|fvd@kallout.com,5200,5200,4.0.1,5200,fvd|fbg@pgport.com,0,5100,0.0.0,4600,|kosa@kallout.com,5000,5000,2.0.1,5000,kosa|ytvdh@pgport.com,0,4800,1.1.3,4800,|ytvdw@pgport.com,0,4700,1.1.3,4700,
FF - user.js: extensions.register@pgport.com.version - 1012
FF - user.js: extensions.smartwebprinting@hp.com.install-event-fired - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.ytvdw@pgport.com.install-event-fired - true
FF - user.js: extensions.ytvdw@pgport.com.version - 1.1.8
FF - user.js: extensions.{1392b8d2-5c05-419f-a8f6-b9f15a596612}.install-event-fired - true
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{5384767E-00D9-40E9-B72F-9CC39D655D6F}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{E4091D66-127C-11DB-903A-DE80D2EFDFE8}.install-event-fired - true
FF - user.js: extensions.{ba14329e-9550-4989-b3f2-9732e92d17cc}.install-event-fired - true
FF - user.js: extentions.y2layers.installId - d4dd716d-96c2-487b-82de-764bd9830697
FF - user.js: fvd.display.search - false
FF - user.js: fvd.display.tab_preview - true
FF - user.js: fvd.download.window_height - 650
FF - user.js: fvd.download.window_width - 650
FF - user.js: fvd.install_date - Sat Aug 06 2011 18:50:59 GMT-0400 (Eastern Daylight Time)
FF - user.js: fvd.is_single_user - false
FF - user.js: fvd.search.see_queries - false
FF - user.js: fvd.storage.last_clearing_time - 1312760501479
FF - user.js: fvd.supported_sites.check_interval - 2332891448
FF - user.js: fvd.supported_sites.last_check - Sat, 06 Aug 2011 23:17:18 GMT
FF - user.js: fvd.toolbar.dont_display_features_hint - false
FF - user.js: fvd.toolbar.hook.pages_errors - false
FF - user.js: fvd.updater.last_check - Sat, 06 Aug 2011 23:17:18 GMT
FF - user.js: fvd_single.counters.youtube - 4
FF - user.js: fvd_single.download.folder - c:\\documents and settings\\admin\\my documents\\Golf
FF - user.js: fvd_single.fvd_toolbar_guid_wait - {9051303c-7e41-4311-a783-d6fe5ef2832d}
FF - user.js: fvd_single.install_date - Tue Aug 02 2011 10:12:24 GMT-0400 (Eastern Daylight Time)
FF - user.js: fvd_single.license.usage.agree - true
FF - user.js: fvd_single.single.dont_display_features_hint - true
FF - user.js: fvd_single.supported_sites.check_interval - 2420314685
FF - user.js: fvd_single.supported_sites.last_check - Tue, 14 Jun 2011 16:41:05 GMT
FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)
FF - user.js: idle.lastDailyNotification - 1315309177
FF - user.js: intl.charsetmenu.browser.cache - windows-1251, UTF-8, us-ascii, windows-1252, ISO-8859-1
FF - user.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1315309177
FF - user.js: places.history.expiration.transient_current_max_pages - 64358
FF - user.js: places.last_vacuum - 1299768956
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: print.print_printer - PrimoPDF
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_bgcolor - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_bgimages - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_command -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_downloadfonts - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_bottom - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_left - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_right - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_top - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_evenpages - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footercenter -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footerleft - &PT
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footerright - &D
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headercenter -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headerleft - &T
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headerright - &U
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_in_color - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_left - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_right - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_top - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_oddpages - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_orientation - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_pagedelay - 500
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_data - 1
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_height - 11.00
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_size_type - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_width - 8.50
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_reversed - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_scaling - 1.00
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_shrink_to_fit - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_to_file - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_to_filename -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_bgcolor - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_bgimages - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_command -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_downloadfonts - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_bottom - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_left - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_right - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_top - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_evenpages - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footercenter -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footerleft - &PT
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footerright - &D
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headercenter -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headerleft - &T
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headerright - &U
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_in_color - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_bottom - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_left - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_right - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_top - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_oddpages - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_orientation - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_page_delay - 50
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_pagedelay - 500
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_data - 1
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_height - 11.00
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_size_type - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_size_unit - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_width - 8.50
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_reversed - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_scaling - 1.00
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_shrink_to_fit - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_to_file - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_to_filename -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_left - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_right - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_top - 0
FF - user.js: print.printer_PrimoPDF.print_bgcolor - false
FF - user.js: print.printer_PrimoPDF.print_bgimages - false
FF - user.js: print.printer_PrimoPDF.print_command -
FF - user.js: print.printer_PrimoPDF.print_downloadfonts - false
FF - user.js: print.printer_PrimoPDF.print_edge_bottom - 0
FF - user.js: print.printer_PrimoPDF.print_edge_left - 0
FF - user.js: print.printer_PrimoPDF.print_edge_right - 0
FF - user.js: print.printer_PrimoPDF.print_edge_top - 0
FF - user.js: print.printer_PrimoPDF.print_evenpages - true
FF - user.js: print.printer_PrimoPDF.print_footercenter -
FF - user.js: print.printer_PrimoPDF.print_footerleft - &PT
FF - user.js: print.printer_PrimoPDF.print_footerright - &D
FF - user.js: print.printer_PrimoPDF.print_headercenter -
FF - user.js: print.printer_PrimoPDF.print_headerleft - &T
FF - user.js: print.printer_PrimoPDF.print_headerright - &U
FF - user.js: print.printer_PrimoPDF.print_in_color - true
FF - user.js: print.printer_PrimoPDF.print_margin_bottom - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_left - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_right - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_top - 0.5
FF - user.js: print.printer_PrimoPDF.print_oddpages - true
FF - user.js: print.printer_PrimoPDF.print_orientation - 0
FF - user.js: print.printer_PrimoPDF.print_page_delay - 50
FF - user.js: print.printer_PrimoPDF.print_pagedelay - 500
FF - user.js: print.printer_PrimoPDF.print_paper_data - 1
FF - user.js: print.printer_PrimoPDF.print_paper_height - 11.00
FF - user.js: print.printer_PrimoPDF.print_paper_size_type - 0
FF - user.js: print.printer_PrimoPDF.print_paper_size_unit - 0
FF - user.js: print.printer_PrimoPDF.print_paper_width - 8.50
FF - user.js: print.printer_PrimoPDF.print_reversed - false
FF - user.js: print.printer_PrimoPDF.print_scaling - 1.00
FF - user.js: print.printer_PrimoPDF.print_shrink_to_fit - true
FF - user.js: print.printer_PrimoPDF.print_to_file - false
FF - user.js: print.printer_PrimoPDF.print_to_filename -
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_left - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_right - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_top - 0
FF - user.js: print_printer - PrimoPDF
FF - user.js: printer_PrimoPDF.print_bgcolor - false
FF - user.js: printer_PrimoPDF.print_bgimages - false
FF - user.js: printer_PrimoPDF.print_colorspace -
FF - user.js: printer_PrimoPDF.print_command -
FF - user.js: printer_PrimoPDF.print_downloadfonts - false
FF - user.js: printer_PrimoPDF.print_edge_bottom - 0
FF - user.js: printer_PrimoPDF.print_edge_left - 0
FF - user.js: printer_PrimoPDF.print_edge_right - 0
FF - user.js: printer_PrimoPDF.print_edge_top - 0
FF - user.js: printer_PrimoPDF.print_evenpages - true
FF - user.js: printer_PrimoPDF.print_footercenter -
FF - user.js: printer_PrimoPDF.print_footerleft - &PT
FF - user.js: printer_PrimoPDF.print_footerright - &D
FF - user.js: printer_PrimoPDF.print_headercenter -
FF - user.js: printer_PrimoPDF.print_headerleft - &T
FF - user.js: printer_PrimoPDF.print_headerright - &U
FF - user.js: printer_PrimoPDF.print_in_color - true
FF - user.js: printer_PrimoPDF.print_margin_bottom - 0.5
FF - user.js: printer_PrimoPDF.print_margin_left - 0.5
FF - user.js: printer_PrimoPDF.print_margin_right - 0.5
FF - user.js: printer_PrimoPDF.print_margin_top - 0.5
FF - user.js: printer_PrimoPDF.print_oddpages - true
FF - user.js: printer_PrimoPDF.print_orientation - 0
FF - user.js: printer_PrimoPDF.print_page_delay - 50
FF - user.js: printer_PrimoPDF.print_paper_data - 1
FF - user.js: printer_PrimoPDF.print_paper_height - 11.00
FF - user.js: printer_PrimoPDF.print_paper_name -
FF - user.js: printer_PrimoPDF.print_paper_size_type - 0
FF - user.js: printer_PrimoPDF.print_paper_size_unit - 0
FF - user.js: printer_PrimoPDF.print_paper_width - 8.50
FF - user.js: printer_PrimoPDF.print_plex_name -
FF - user.js: printer_PrimoPDF.print_resolution_name -
FF - user.js: printer_PrimoPDF.print_reversed - false
FF - user.js: printer_PrimoPDF.print_scaling - 1.00
FF - user.js: printer_PrimoPDF.print_shrink_to_fit - true
FF - user.js: printer_PrimoPDF.print_to_file - false
FF - user.js: printer_PrimoPDF.print_to_filename -
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_bottom - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_left - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_right - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.sessions - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1312726207
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1317900224
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-17 13496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-12 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-20 494424]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-12 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-12 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-12 74640]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-12-16 331096]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-10-10 196912]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-3-9 17232]
S0 cerc6;cerc6; [x]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2011-9-12 65536]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-10-5 30312]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2011-3-9 93568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-11 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-5 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-5 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-5 121576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-11 366152]
.
=============== Created Last 30 ================
.
2011-12-23 10:40:51 -------- d-----w- c:\documents and settings\admin\application data\SUPERAntiSpyware.com
2011-12-23 10:39:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-23 10:39:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-22 23:28:01 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-22 23:28:00 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-22 23:27:59 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-22 23:27:58 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-22 21:00:42 -------- d-----w- c:\documents and settings\all users\application data\cP21712OhPmO21712
2011-12-19 18:47:16 15416 ----atw- c:\documents and settings\admin\application data\microsoft\rsaadjd.dll
2011-12-19 18:47:16 13984 ----atw- c:\documents and settings\admin\application data\microsoft\mjcriu.dll
2011-12-19 18:47:15 14392 ----atw- c:\documents and settings\admin\application data\microsoft\kfgresk.dll
2011-12-19 18:47:15 10808 ----atw- c:\documents and settings\admin\application data\microsoft\peaadje.dll
2011-12-19 18:47:14 26200 ----atw- c:\documents and settings\admin\application data\microsoft\qwadjb.dll
2011-12-19 18:47:14 16952 ----atw- c:\documents and settings\admin\application data\microsoft\1eaadjc.dll
2011-12-19 18:47:12 98360 ----atw- c:\documents and settings\admin\application data\microsoft\~DFK65884f.tmp
2011-12-19 18:47:12 18724 ----atw- c:\documents and settings\admin\application data\microsoft\bass.dll
2011-12-13 21:53:16 -------- d-----w- c:\program files\Ken Rename
2011-12-13 21:40:47 -------- d-----w- c:\documents and settings\admin\application data\Foxit Software
2011-12-13 02:43:30 -------- d-----w- c:\documents and settings\admin\application data\Avira
2011-12-13 02:37:40 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-13 02:37:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-13 02:37:35 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-12-13 02:37:34 -------- d-----w- c:\program files\Avira
2011-12-12 17:25:12 -------- d-sha-r- C:\cmdcons
2011-12-12 00:23:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 00:23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 23:03:51 -------- d-----w- c:\program files\CCleaner
2011-11-27 17:36:08 594560 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2011-11-27 17:36:06 -------- d-----w- C:\temp
.
==================== Find3M ====================
.
2011-12-12 03:08:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 22:53:46 1108 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 09:39:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 23:06:45 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 03:16:14 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 12:31:12 17712 -c--a-w- c:\windows\system32\nitrolocalui2.dll
2011-10-10 12:31:10 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 17:19:33.53 ===============

Attached Files



#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:44 AM

Posted 24 December 2011 - 09:29 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
P2P - I see you have P2P software (uTorrent, SteamTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes are complete.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#6 lkass

lkass
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 27 December 2011 - 10:34 AM

Thank you for your reply. As you suggested, I removed both utorrent and streamtorrent. I ran combofix. Here is the log:

ComboFix 11-12-27.01 - ADMIN 12/27/2011 10:05:18.6.2 - x86
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ADMIN\Application Data\Microsoft\~DFK65884f.tmp
c:\documents and settings\ADMIN\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\ADMIN\Application Data\Microsoft\bass.dll
c:\documents and settings\ADMIN\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\ADMIN\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\ADMIN\Application Data\Microsoft\peaadje.dll
c:\documents and settings\ADMIN\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\ADMIN\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\ADMIN\Application Data\vso_ts_preview.xml
c:\documents and settings\All Users\Application Data\u4mv34k0fq2qcs
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-23 10:40 . 2011-12-23 10:40 -------- d-----w- c:\documents and settings\ADMIN\Application Data\SUPERAntiSpyware.com
2011-12-23 10:39 . 2011-12-23 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-23 10:39 . 2011-12-23 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-22 23:28 . 2011-12-22 23:28 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-22 23:28 . 2011-12-22 23:28 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-22 23:27 . 2011-12-22 23:27 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-22 23:27 . 2011-12-22 23:27 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-22 21:00 . 2011-12-23 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\cP21712OhPmO21712
2011-12-15 06:07 . 2011-12-15 06:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Foxit Software
2011-12-13 21:53 . 2011-12-13 21:59 -------- d-----w- c:\program files\Ken Rename
2011-12-13 21:40 . 2011-12-13 21:41 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Foxit Software
2011-12-13 21:40 . 2011-12-13 21:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Foxit Software
2011-12-13 02:43 . 2011-12-13 02:43 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Avira
2011-12-13 02:37 . 2011-12-09 17:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-13 02:37 . 2011-12-09 17:40 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-13 02:37 . 2011-12-09 17:40 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-13 02:37 . 2011-12-13 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-12-13 02:37 . 2011-12-13 02:37 -------- d-----w- c:\program files\Avira
2011-12-12 00:23 . 2011-12-12 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 00:23 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 23:03 . 2011-12-11 23:03 -------- d-----w- c:\program files\CCleaner
2011-11-27 17:36 . 2011-12-16 21:16 594560 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2011-11-27 17:36 . 2011-11-27 17:36 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 03:08 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 22:53 . 2011-09-13 03:47 1108 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 09:39 . 2011-05-19 23:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 23:06 . 2011-05-04 13:05 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 03:16 . 2011-11-20 19:10 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-04-29 18:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 12:31 . 2011-06-22 19:58 17712 -c--a-w- c:\windows\system32\nitrolocalui2.dll
2011-10-10 12:31 . 2011-06-22 19:58 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-10-05 19:49 . 2011-10-05 19:49 58704 ----a-r- c:\documents and settings\ADMIN\Application Data\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2011-04-21 17:07 . 2011-04-21 17:07 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-12-22 23:27 . 2011-05-06 14:33 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2010-12-19 48456]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-09 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-10 619352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2007-10-24 9728]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-02-12 163840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
c:\documents and settings\ADMIN\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/17/2011 5:44 AM 13496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/12/2011 9:37 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/20/2011 1:33 PM 494424]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/12/2011 9:37 PM 86224]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [12/16/2011 8:44 PM 331096]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [10/10/2011 7:32 AM 196912]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [3/9/2011 1:18 PM 17232]
S0 cerc6;cerc6; [x]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [9/12/2011 10:40 PM 65536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 1:12 PM 136176]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 4:29 AM 29178224]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/5/2011 2:50 PM 30312]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [3/9/2011 11:37 AM 93568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 1:12 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 7:23 PM 22216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/5/2011 2:50 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/5/2011 2:50 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/5/2011 2:50 PM 121576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 7:00 AM 14336]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 7:23 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:12]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:12]
.
2011-12-26 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-03 00:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\j01lz9c2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 4
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1315308460
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1315308700
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1315308580
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313202072
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304691784
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1315329940
FF - user.js: browser.bookmarks.editDialog.firstEditField - tagsField
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\ADMIN\\My Documents\\Jobs\\McAfee
FF - user.js: browser.download.manager.alertOnEXEOpen - true
FF - user.js: browser.feeds.handler.default - bookmarks
FF - user.js: browser.feeds.handlers.application - c:\\Program Files\\SharpReader\\SharpReader.exe
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.open.lastDir - c:\\Documents and Settings\\ADMIN\\My Documents\\Downloads\\Fired to Hired_ Bouncing Back From Job Loss to Get to Work Right Now
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultthis.engineName - Freecorder Customized Web Search
FF - user.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - about:home
FF - user.js: browser.startup.homepage_override.buildID - 20110830092941
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: extensions.artur.dubovoy@gmail.com.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 111
FF - user.js: extensions.blocklist.pingCountVersion - 5
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0,jqs@sun.com:1.0,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,jqs@sun.com:1.0,smartwebprinting@hp.com:4.5,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0,artur.dubovoy@gmail.com:2.0.21,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.epubreader.button_added - true
FF - user.js: extensions.epubreader.count.column.content - single
FF - user.js: extensions.epubreader.dir.import - c:\\Documents and Settings\\ADMIN\\My Documents\\Downloads\\50 Psychology Classics
FF - user.js: extensions.epubreader.dir.save - c:\\Documents and Settings\\ADMIN\\My Documents\\My Digital Editions
FF - user.js: extensions.epubreader.dir.sync - c:\\Documents and Settings\\ADMIN\\My Documents
FF - user.js: extensions.epubreader.paging_dir.content - 2
FF - user.js: extensions.epubreader.toc_collapsed - true
FF - user.js: extensions.epubreader.toolbar_hint_shown - true
FF - user.js: extensions.epubreader.version - 1.4.1.0
FF - user.js: extensions.epubreader.width.frame.left - 120
FF - user.js: extensions.hpsmartwebprinting.firstRun - false
FF - user.js: extensions.imagegrabber.lastdldir - c:\\Documents and Settings\\ADMIN\\My Documents\\My Pictures
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1299782529078},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1299849842734},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1299691763968}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1314878658828},\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\,\mtime\:1299691772515},\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\,\mtime\:1299809331187},\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\,\mtime\:1309957763218}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1299782529078}}},{\name\:\app-profile\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\ADMIN\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j01lz9c2.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1299871350250},\{5384767E-00D9-40E9-B72F-9CC39D655D6F}\:{\descriptor\:\c:\\\\Documents and Settings\\\\ADMIN\\\\Application 
Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j01lz9c2.default\\\\extensions\\\\{5384767E-00D9-40E9-B72F-9CC39D655D6F}\,\mtime\:1306428371437},\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}\:{\descriptor\:\c:\\\\Documents and Settings\\\\ADMIN\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j01lz9c2.default\\\\extensions\\\\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}\,\mtime\:1314987004140}}}]
FF - user.js: extensions.jqs@sun.com.install-event-fired - true
FF - user.js: extensions.lastAppVersion - 6.0.1
FF - user.js: extensions.lastPlatformVersion - 6.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.register@pgport.com.data - {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,fvd|fvd@kallout.com,5200,5200,4.0.1,5200,fvd|fbg@pgport.com,0,5100,0.0.0,4600,|kosa@kallout.com,5000,5000,2.0.1,5000,kosa|ytvdh@pgport.com,0,4800,1.1.3,4800,|ytvdw@pgport.com,0,4700,1.1.3,4700,
FF - user.js: extensions.register@pgport.com.version - 1012
FF - user.js: extensions.smartwebprinting@hp.com.install-event-fired - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.ytvdw@pgport.com.install-event-fired - true
FF - user.js: extensions.ytvdw@pgport.com.version - 1.1.8
FF - user.js: extensions.{1392b8d2-5c05-419f-a8f6-b9f15a596612}.install-event-fired - true
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{5384767E-00D9-40E9-B72F-9CC39D655D6F}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{E4091D66-127C-11DB-903A-DE80D2EFDFE8}.install-event-fired - true
FF - user.js: extensions.{ba14329e-9550-4989-b3f2-9732e92d17cc}.install-event-fired - true
FF - user.js: extentions.y2layers.installId - d4dd716d-96c2-487b-82de-764bd9830697
FF - user.js: fvd.display.search - false
FF - user.js: fvd.display.tab_preview - true
FF - user.js: fvd.download.window_height - 650
FF - user.js: fvd.download.window_width - 650
FF - user.js: fvd.install_date - Sat Aug 06 2011 18:50 GMT-0400 (Eastern Daylight Time)
FF - user.js: fvd.is_single_user - false
FF - user.js: fvd.search.see_queries - false
FF - user.js: fvd.storage.last_clearing_time - 1312760501479
FF - user.js: fvd.supported_sites.check_interval - 2332891448
FF - user.js: fvd.supported_sites.last_check - Sat, 06 Aug 2011 23:17 GMT
FF - user.js: fvd.toolbar.dont_display_features_hint - false
FF - user.js: fvd.toolbar.hook.pages_errors - false
FF - user.js: fvd.updater.last_check - Sat, 06 Aug 2011 23:17 GMT
FF - user.js: fvd_single.counters.youtube - 4
FF - user.js: fvd_single.download.folder - c:\\Documents and Settings\\ADMIN\\My Documents\\Golf
FF - user.js: fvd_single.fvd_toolbar_guid_wait - {9051303c-7e41-4311-a783-d6fe5ef2832d}
FF - user.js: fvd_single.install_date - Tue Aug 02 2011 10:12 GMT-0400 (Eastern Daylight Time)
FF - user.js: fvd_single.license.usage.agree - true
FF - user.js: fvd_single.single.dont_display_features_hint - true
FF - user.js: fvd_single.supported_sites.check_interval - 2420314685
FF - user.js: fvd_single.supported_sites.last_check - Tue, 14 Jun 2011 16:41 GMT
FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)
FF - user.js: idle.lastDailyNotification - 1315309177
FF - user.js: intl.charsetmenu.browser.cache - windows-1251, UTF-8, us-ascii, windows-1252, ISO-8859-1
FF - user.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1315309177
FF - user.js: places.history.expiration.transient_current_max_pages - 64358
FF - user.js: places.last_vacuum - 1299768956
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: print.print_printer - PrimoPDF
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_bgcolor - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_bgimages - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_command -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_downloadfonts - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_bottom - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_left - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_right - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_top - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_evenpages - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footercenter -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footerleft - &PT
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footerright - &D
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headercenter -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headerleft - &T
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headerright - &U
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_in_color - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_left - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_right - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_top - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_oddpages - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_orientation - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_pagedelay - 500
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_data - 1
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_height - 11.00
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_size_type - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_width - 8.50
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_reversed - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_scaling - 1.00
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_shrink_to_fit - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_to_file - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_to_filename -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_bgcolor - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_bgimages - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_command -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_downloadfonts - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_bottom - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_left - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_right - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_top - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_evenpages - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footercenter -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footerleft - &PT
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footerright - &D
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headercenter -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headerleft - &T
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headerright - &U
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_in_color - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_bottom - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_left - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_right - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_top - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_oddpages - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_orientation - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_page_delay - 50
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_pagedelay - 500
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_data - 1
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_height - 11.00
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_size_type - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_size_unit - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_width - 8.50
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_reversed - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_scaling - 1.00
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_shrink_to_fit - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_to_file - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_to_filename -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_left - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_right - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_top - 0
FF - user.js: print.printer_PrimoPDF.print_bgcolor - false
FF - user.js: print.printer_PrimoPDF.print_bgimages - false
FF - user.js: print.printer_PrimoPDF.print_command -
FF - user.js: print.printer_PrimoPDF.print_downloadfonts - false
FF - user.js: print.printer_PrimoPDF.print_edge_bottom - 0
FF - user.js: print.printer_PrimoPDF.print_edge_left - 0
FF - user.js: print.printer_PrimoPDF.print_edge_right - 0
FF - user.js: print.printer_PrimoPDF.print_edge_top - 0
FF - user.js: print.printer_PrimoPDF.print_evenpages - true
FF - user.js: print.printer_PrimoPDF.print_footercenter -
FF - user.js: print.printer_PrimoPDF.print_footerleft - &PT
FF - user.js: print.printer_PrimoPDF.print_footerright - &D
FF - user.js: print.printer_PrimoPDF.print_headercenter -
FF - user.js: print.printer_PrimoPDF.print_headerleft - &T
FF - user.js: print.printer_PrimoPDF.print_headerright - &U
FF - user.js: print.printer_PrimoPDF.print_in_color - true
FF - user.js: print.printer_PrimoPDF.print_margin_bottom - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_left - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_right - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_top - 0.5
FF - user.js: print.printer_PrimoPDF.print_oddpages - true
FF - user.js: print.printer_PrimoPDF.print_orientation - 0
FF - user.js: print.printer_PrimoPDF.print_page_delay - 50
FF - user.js: print.printer_PrimoPDF.print_pagedelay - 500
FF - user.js: print.printer_PrimoPDF.print_paper_data - 1
FF - user.js: print.printer_PrimoPDF.print_paper_height - 11.00
FF - user.js: print.printer_PrimoPDF.print_paper_size_type - 0
FF - user.js: print.printer_PrimoPDF.print_paper_size_unit - 0
FF - user.js: print.printer_PrimoPDF.print_paper_width - 8.50
FF - user.js: print.printer_PrimoPDF.print_reversed - false
FF - user.js: print.printer_PrimoPDF.print_scaling - 1.00
FF - user.js: print.printer_PrimoPDF.print_shrink_to_fit - true
FF - user.js: print.printer_PrimoPDF.print_to_file - false
FF - user.js: print.printer_PrimoPDF.print_to_filename -
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_left - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_right - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_top - 0
FF - user.js: print_printer - PrimoPDF
FF - user.js: printer_PrimoPDF.print_bgcolor - false
FF - user.js: printer_PrimoPDF.print_bgimages - false
FF - user.js: printer_PrimoPDF.print_colorspace -
FF - user.js: printer_PrimoPDF.print_command -
FF - user.js: printer_PrimoPDF.print_downloadfonts - false
FF - user.js: printer_PrimoPDF.print_edge_bottom - 0
FF - user.js: printer_PrimoPDF.print_edge_left - 0
FF - user.js: printer_PrimoPDF.print_edge_right - 0
FF - user.js: printer_PrimoPDF.print_edge_top - 0
FF - user.js: printer_PrimoPDF.print_evenpages - true
FF - user.js: printer_PrimoPDF.print_footercenter -
FF - user.js: printer_PrimoPDF.print_footerleft - &PT
FF - user.js: printer_PrimoPDF.print_footerright - &D
FF - user.js: printer_PrimoPDF.print_headercenter -
FF - user.js: printer_PrimoPDF.print_headerleft - &T
FF - user.js: printer_PrimoPDF.print_headerright - &U
FF - user.js: printer_PrimoPDF.print_in_color - true
FF - user.js: printer_PrimoPDF.print_margin_bottom - 0.5
FF - user.js: printer_PrimoPDF.print_margin_left - 0.5
FF - user.js: printer_PrimoPDF.print_margin_right - 0.5
FF - user.js: printer_PrimoPDF.print_margin_top - 0.5
FF - user.js: printer_PrimoPDF.print_oddpages - true
FF - user.js: printer_PrimoPDF.print_orientation - 0
FF - user.js: printer_PrimoPDF.print_page_delay - 50
FF - user.js: printer_PrimoPDF.print_paper_data - 1
FF - user.js: printer_PrimoPDF.print_paper_height - 11.00
FF - user.js: printer_PrimoPDF.print_paper_name -
FF - user.js: printer_PrimoPDF.print_paper_size_type - 0
FF - user.js: printer_PrimoPDF.print_paper_size_unit - 0
FF - user.js: printer_PrimoPDF.print_paper_width - 8.50
FF - user.js: printer_PrimoPDF.print_plex_name -
FF - user.js: printer_PrimoPDF.print_resolution_name -
FF - user.js: printer_PrimoPDF.print_reversed - false
FF - user.js: printer_PrimoPDF.print_scaling - 1.00
FF - user.js: printer_PrimoPDF.print_shrink_to_fit - true
FF - user.js: printer_PrimoPDF.print_to_file - false
FF - user.js: printer_PrimoPDF.print_to_filename -
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_bottom - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_left - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_right - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.sessions - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1312726207
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1317900224
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-27 10:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,12,e0,5b,12,83,54,42,80,7d,cc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,12,e0,5b,12,83,54,42,80,7d,cc,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,12,e0,5b,12,83,54,42,80,7d,cc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(244)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2011-12-27 10:25:18
ComboFix-quarantined-files.txt 2011-12-27 15:25
.
Pre-Run: 11,395,313,664 bytes free
Post-Run: 11,678,896,128 bytes free
.
- - End Of File - - 1B7CDE3121D5D1F7B87F3156D28A9B8B

#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 27 December 2011 - 06:12 PM

lkass:

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad), copy all the text inside the code box by highlighting it and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

DirLook::
c:\documents and settings\All Users\Application Data\cP21712OhPmO21712

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto ComboFix.exe]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
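The DirLook:: request above asks ComboFix to list a folder whose name (cP21712OhPmO21712) is the random, mixed-case, digit-laden kind typical of rogue-AV data directories dropped under All Users\Application Data. As an added example for this thread (not ComboFix's, BleepingComputer's or either poster's code), the Python script below parses three line shapes that occur in the logs posted here, service entries, "Files Created" entries and Firefox pref entries, and flags what a responder would check first: a random-looking shared-AppData folder and the file inside it, services whose binary ComboFix marked [x] or [?], Firefox search prefs pointing at a toolbar search domain, and a non-default proxy mode. The random-name heuristic and its entropy threshold, the reading of [x] as "binary not found" and [?] as "not verifiable", and the one-entry PUP domain list are assumptions made for this example; the sample lines are copied from the logs in this thread, with the Avira folder line included as a benign control.

```python
"""Triage helper for ComboFix-style log lines.

Added example for this thread; it is not ComboFix's, BleepingComputer's or
either poster's code.  It recognises three line shapes that occur in the logs
posted in the thread (service entries, "Files Created" entries, Firefox pref
entries) and returns the items a responder would check first.  The random-name
heuristic and its threshold, the reading of [x]/[?] and the PUP search-domain
list are assumptions made for this example.
"""
import math
import re
from collections import Counter

# "R2 name;display;path [date size]" -- R = running, S = stopped.
# Assumption: ComboFix prints "[x]" when the binary is missing, "[?]" when unverifiable.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?)(?: \[(.+)\])?$")
# "2011-12-22 21:00 . 2011-12-23 11:18 -------- d-----w- <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(\S+) ([-a-z]{8}) (.+)$")
# "FF - prefs.js: <pref> - <value>"  (ComboFix defangs http as hxxp)
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")

SHARED_APPDATA_RE = re.compile(r"\\all users\\application data\\([^\\]+)", re.I)
PUP_SEARCH_DOMAINS = ("search.conduit.com",)  # assumption: illustrative, not exhaustive
SEARCH_PREFS = ("browser.search.defaulturl", "browser.startup.homepage", "keyword.URL")
ENTROPY_MIN = 2.5  # assumption: bits per character; the folder name in the log scores ~2.79


def shannon_entropy(s):
    """Per-character Shannon entropy of s, in bits."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random(name):
    """Machine-generated looking folder name: >= 10 chars, letters and digits
    only, mixed case plus digits, and per-character entropy >= ENTROPY_MIN."""
    if len(name) < 10 or not name.isalnum():
        return False
    classes = (any(c.isdigit() for c in name),
               any(c.isupper() for c in name),
               any(c.islower() for c in name))
    return all(classes) and shannon_entropy(name) >= ENTROPY_MIN


def triage(lines):
    """Return a list of (category, detail) findings for ComboFix log lines."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path, stamp = m.groups()
            if stamp in ("x", "?"):
                findings.append(("service-binary-missing-or-unverified",
                                 f"{name}: {path or '<no path>'} [{stamp}]"))
            continue
        m = FILE_RE.match(line)
        if m:
            size, attrs, path = m.groups()
            top = SHARED_APPDATA_RE.search(path)  # first component under the shared AppData
            if top and looks_random(top.group(1)):
                kind = "dir" if attrs.startswith("d") else f"file {size} bytes"
                findings.append(("random-named-shared-appdata", f"{kind}: {path}"))
            continue
        m = FF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref in SEARCH_PREFS and any(d in value for d in PUP_SEARCH_DOMAINS):
                findings.append(("browser-search-redirect", f"{pref} -> {value}"))
            elif pref == "network.proxy.type" and value in ("1", "2", "4"):
                # 1 = manual proxy, 2 = PAC script, 4 = WPAD auto-detect (0/5 = direct/system)
                findings.append(("browser-proxy-nondefault", f"{pref} = {value}"))
    return findings


# Sample input: lines copied from the logs posted in this thread; the Avira
# folder line is a benign control that must not be flagged.
SAMPLE_LOG = r"""
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [12/16/2011 8:44 PM 331096]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S0 cerc6;cerc6; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 7:00 AM 14336]
2011-12-22 21:00 . 2011-12-23 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\cP21712OhPmO21712
2011-12-22 21:01 . 2011-12-23 10:20 208 ----a-w- c:\documents and settings\All Users\Application Data\cP21712OhPmO21712\cP21712OhPmO21712
2011-12-13 02:37 . 2011-12-13 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 4
""".strip().splitlines()

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:40} {detail}")
```

Run against the sample it reports six findings: the two services ComboFix could not verify (cerc6 with no binary at all, HssWd with [?]), the random-named folder and its 208-byte file, the Conduit search override, and the WPAD proxy setting; the legitimate Hotspot Shield, WinRM and Avira entries stay silent. The name heuristic is deliberately strict (letters and digits only, all three character classes, entropy above the threshold) so ordinary vendor folder names such as "Avira" or "SUPERAntiSpyware.com" are not flagged; tune ENTROPY_MIN against your own logs before relying on it.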


#8 lkass

lkass
  • Topic Starter

  • Members
  • 17 posts
  • Local time:03:44 AM

Posted 29 December 2011 - 08:49 AM

OK, I ran ComboFix with the script posted and then ran Malwarebytes Anti-Malware.

Here are the logs:

ComboFix 11-12-28.03 - ADMIN 12/28/2011 14:10:08.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1308 [GMT -5:00]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ADMIN\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-27 19:28 . 2011-12-27 19:28 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-12-23 10:40 . 2011-12-23 10:40 -------- d-----w- c:\documents and settings\ADMIN\Application Data\SUPERAntiSpyware.com
2011-12-23 10:39 . 2011-12-23 10:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-23 10:39 . 2011-12-23 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-22 23:28 . 2011-12-22 23:28 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-22 23:28 . 2011-12-22 23:28 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-22 23:27 . 2011-12-22 23:27 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-22 23:27 . 2011-12-22 23:27 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-22 21:00 . 2011-12-23 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\cP21712OhPmO21712
2011-12-15 06:07 . 2011-12-15 06:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Foxit Software
2011-12-13 21:53 . 2011-12-13 21:59 -------- d-----w- c:\program files\Ken Rename
2011-12-13 21:40 . 2011-12-13 21:41 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Foxit Software
2011-12-13 21:40 . 2011-12-13 21:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Foxit Software
2011-12-13 02:43 . 2011-12-13 02:43 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Avira
2011-12-13 02:37 . 2011-12-09 17:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-13 02:37 . 2011-12-09 17:40 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-13 02:37 . 2011-12-09 17:40 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-13 02:37 . 2011-12-13 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-12-13 02:37 . 2011-12-13 02:37 -------- d-----w- c:\program files\Avira
2011-12-12 00:23 . 2011-12-12 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 00:23 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 23:03 . 2011-12-27 19:58 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 15:10 . 2011-06-22 19:58 17704 -c--a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-20 15:10 . 2011-06-22 19:58 26408 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-12-12 03:08 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 22:53 . 2011-09-13 03:47 1108 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 09:39 . 2011-05-19 23:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 23:06 . 2011-05-04 13:05 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 03:16 . 2011-11-20 19:10 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-04-29 18:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-05 19:49 . 2011-10-05 19:49 58704 ----a-r- c:\documents and settings\ADMIN\Application Data\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2011-04-21 17:07 . 2011-04-21 17:07 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-12-22 23:27 . 2011-05-06 14:33 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\cP21712OhPmO21712 ----
.
2011-12-22 21:01 . 2011-12-23 10:20 208 ----a-w- c:\documents and settings\All Users\Application Data\cP21712OhPmO21712\cP21712OhPmO21712
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-27_15.19.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-27 20:08 . 2011-12-27 20:08 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2011-12-27 20:09 . 2011-12-27 20:09 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2011-12-27 19:29 . 2011-12-20 15:10 79656 c:\windows\system32\spool\drivers\w32x86\NitroReaderUI2.dll
+ 2011-12-27 19:29 . 2011-12-20 15:10 42280 c:\windows\system32\spool\drivers\w32x86\NitroReaderGraphics2.dll
+ 2011-12-27 19:29 . 2011-12-20 15:10 79656 c:\windows\system32\spool\drivers\w32x86\3\NitroReaderUI2.dll
+ 2011-12-27 19:29 . 2011-12-20 15:10 42280 c:\windows\system32\spool\drivers\w32x86\3\NitroReaderGraphics2.dll
+ 2011-12-27 20:06 . 2011-12-27 20:06 333072 c:\windows\system32\FNTCACHE.DAT
- 2011-12-24 20:16 . 2011-12-24 20:16 333072 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-27 19:29 . 2011-12-27 19:29 1040896 c:\windows\Installer\c815ff.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2010-12-19 48456]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-09 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-10 619352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-02-12 163840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
c:\documents and settings\ADMIN\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-10-24 00:55 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/17/2011 5:44 AM 13496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/12/2011 9:37 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/20/2011 1:33 PM 494424]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/12/2011 9:37 PM 86224]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [12/16/2011 8:44 PM 331096]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 4:29 AM 29178224]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [12/20/2011 10:11 AM 196904]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [3/9/2011 1:18 PM 17232]
S0 cerc6;cerc6; [x]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [9/12/2011 10:40 PM 65536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 1:12 PM 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/5/2011 2:50 PM 30312]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [3/9/2011 11:37 AM 93568]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2011 1:12 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 7:23 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/5/2011 2:50 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/5/2011 2:50 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/5/2011 2:50 PM 121576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 7:00 AM 14336]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 7:23 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:12]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-09 18:12]
.
2011-12-27 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-03 00:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\j01lz9c2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 4
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1315308460
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1315308700
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1315308580
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313202072
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304691784
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1315329940
FF - user.js: browser.bookmarks.editDialog.firstEditField - tagsField
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\ADMIN\\My Documents\\Jobs\\McAfee
FF - user.js: browser.download.manager.alertOnEXEOpen - true
FF - user.js: browser.feeds.handler.default - bookmarks
FF - user.js: browser.feeds.handlers.application - c:\\Program Files\\SharpReader\\SharpReader.exe
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.open.lastDir - c:\\Documents and Settings\\ADMIN\\My Documents\\Downloads\\Fired to Hired_ Bouncing Back From Job Loss to Get to Work Right Now
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultthis.engineName - Freecorder Customized Web Search
FF - user.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - about:home
FF - user.js: browser.startup.homepage_override.buildID - 20110830092941
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: extensions.artur.dubovoy@gmail.com.install-event-fired - true
FF - user.js: extensions.blocklist.pingCountTotal - 111
FF - user.js: extensions.blocklist.pingCountVersion - 5
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0,jqs@sun.com:1.0,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,jqs@sun.com:1.0,smartwebprinting@hp.com:4.5,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0,artur.dubovoy@gmail.com:2.0.21,{E4091D66-127C-11DB-903A-DE80D2EFDFE8}:1.6.5.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.epubreader.button_added - true
FF - user.js: extensions.epubreader.count.column.content - single
FF - user.js: extensions.epubreader.dir.import - c:\\Documents and Settings\\ADMIN\\My Documents\\Downloads\\50 Psychology Classics
FF - user.js: extensions.epubreader.dir.save - c:\\Documents and Settings\\ADMIN\\My Documents\\My Digital Editions
FF - user.js: extensions.epubreader.dir.sync - c:\\Documents and Settings\\ADMIN\\My Documents
FF - user.js: extensions.epubreader.paging_dir.content - 2
FF - user.js: extensions.epubreader.toc_collapsed - true
FF - user.js: extensions.epubreader.toolbar_hint_shown - true
FF - user.js: extensions.epubreader.version - 1.4.1.0
FF - user.js: extensions.epubreader.width.frame.left - 120
FF - user.js: extensions.hpsmartwebprinting.firstRun - false
FF - user.js: extensions.imagegrabber.lastdldir - c:\\Documents and Settings\\ADMIN\\My Documents\\My Pictures
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1299782529078},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1299849842734},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1299691763968}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1314878658828},\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\,\mtime\:1299691772515},\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\,\mtime\:1299809331187},\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\,\mtime\:1309957763218}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1299782529078}}},{\name\:\app-profile\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\ADMIN\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j01lz9c2.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1299871350250},\{5384767E-00D9-40E9-B72F-9CC39D655D6F}\:{\descriptor\:\c:\\\\Documents and Settings\\\\ADMIN\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j01lz9c2.default\\\\extensions\\\\{5384767E-00D9-40E9-B72F-9CC39D655D6F}\,\mtime\:1306428371437},\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}\:{\descriptor\:\c:\\\\Documents and Settings\\\\ADMIN\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j01lz9c2.default\\\\extensions\\\\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}\,\mtime\:1314987004140}}}]
FF - user.js: extensions.jqs@sun.com.install-event-fired - true
FF - user.js: extensions.lastAppVersion - 6.0.1
FF - user.js: extensions.lastPlatformVersion - 6.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.register@pgport.com.data - {ef522540-89f5-46b9-b6fe-1829e2b572c6},0,9999,999.999.999,9999,|{c50ca3c4-5656-43c2-a061-13e717f73fc8},5300,5300,4.0.1,5300,fvd|fvd@kallout.com,5200,5200,4.0.1,5200,fvd|fbg@pgport.com,0,5100,0.0.0,4600,|kosa@kallout.com,5000,5000,2.0.1,5000,kosa|ytvdh@pgport.com,0,4800,1.1.3,4800,|ytvdw@pgport.com,0,4700,1.1.3,4700,
FF - user.js: extensions.register@pgport.com.version - 1012
FF - user.js: extensions.smartwebprinting@hp.com.install-event-fired - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.ytvdw@pgport.com.install-event-fired - true
FF - user.js: extensions.ytvdw@pgport.com.version - 1.1.8
FF - user.js: extensions.{1392b8d2-5c05-419f-a8f6-b9f15a596612}.install-event-fired - true
FF - user.js: extensions.{20a82645-c095-46ed-80e3-08825760534b}.install-event-fired - true
FF - user.js: extensions.{5384767E-00D9-40E9-B72F-9CC39D655D6F}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{E4091D66-127C-11DB-903A-DE80D2EFDFE8}.install-event-fired - true
FF - user.js: extensions.{ba14329e-9550-4989-b3f2-9732e92d17cc}.install-event-fired - true
FF - user.js: extentions.y2layers.installId - d4dd716d-96c2-487b-82de-764bd9830697
FF - user.js: fvd.display.search - false
FF - user.js: fvd.display.tab_preview - true
FF - user.js: fvd.download.window_height - 650
FF - user.js: fvd.download.window_width - 650
FF - user.js: fvd.install_date - Sat Aug 06 2011 18:50 GMT-0400 (Eastern Daylight Time)
FF - user.js: fvd.is_single_user - false
FF - user.js: fvd.search.see_queries - false
FF - user.js: fvd.storage.last_clearing_time - 1312760501479
FF - user.js: fvd.supported_sites.check_interval - 2332891448
FF - user.js: fvd.supported_sites.last_check - Sat, 06 Aug 2011 23:17 GMT
FF - user.js: fvd.toolbar.dont_display_features_hint - false
FF - user.js: fvd.toolbar.hook.pages_errors - false
FF - user.js: fvd.updater.last_check - Sat, 06 Aug 2011 23:17 GMT
FF - user.js: fvd_single.counters.youtube - 4
FF - user.js: fvd_single.download.folder - c:\\Documents and Settings\\ADMIN\\My Documents\\Golf
FF - user.js: fvd_single.fvd_toolbar_guid_wait - {9051303c-7e41-4311-a783-d6fe5ef2832d}
FF - user.js: fvd_single.install_date - Tue Aug 02 2011 10:12 GMT-0400 (Eastern Daylight Time)
FF - user.js: fvd_single.license.usage.agree - true
FF - user.js: fvd_single.single.dont_display_features_hint - true
FF - user.js: fvd_single.supported_sites.check_interval - 2420314685
FF - user.js: fvd_single.supported_sites.last_check - Tue, 14 Jun 2011 16:41 GMT
FF - user.js: general.useragent.extra.microsoftdotnet - (.NET CLR 3.5.30729)
FF - user.js: idle.lastDailyNotification - 1315309177
FF - user.js: intl.charsetmenu.browser.cache - windows-1251, UTF-8, us-ascii, windows-1252, ISO-8859-1
FF - user.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1315309177
FF - user.js: places.history.expiration.transient_current_max_pages - 64358
FF - user.js: places.last_vacuum - 1299768956
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: print.print_printer - PrimoPDF
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_bgcolor - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_bgimages - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_command -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_downloadfonts - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_bottom - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_left - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_right - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_edge_top - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_evenpages - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footercenter -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footerleft - &PT
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_footerright - &D
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headercenter -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headerleft - &T
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_headerright - &U
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_in_color - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_left - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_right - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_margin_top - 0.5
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_oddpages - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_orientation - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_pagedelay - 500
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_data - 1
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_height - 11.00
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_size_type - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_paper_width - 8.50
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_reversed - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_scaling - 1.00
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_shrink_to_fit - true
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_to_file - false
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_to_filename -
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Officejet_4500_G510n-z.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_bgcolor - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_bgimages - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_command -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_downloadfonts - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_bottom - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_left - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_right - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_edge_top - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_evenpages - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footercenter -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footerleft - &PT
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_footerright - &D
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headercenter -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headerleft - &T
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_headerright - &U
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_in_color - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_bottom - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_left - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_right - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_margin_top - 0.5
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_oddpages - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_orientation - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_page_delay - 50
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_pagedelay - 500
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_data - 1
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_height - 11.00
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_size_type - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_size_unit - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_paper_width - 8.50
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_reversed - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_scaling - 1.00
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_shrink_to_fit - true
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_to_file - false
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_to_filename -
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_left - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_right - 0
FF - user.js: print.printer_Nitro_PDF_Creator_(Reader).print_unwriteable_margin_top - 0
FF - user.js: print.printer_PrimoPDF.print_bgcolor - false
FF - user.js: print.printer_PrimoPDF.print_bgimages - false
FF - user.js: print.printer_PrimoPDF.print_command -
FF - user.js: print.printer_PrimoPDF.print_downloadfonts - false
FF - user.js: print.printer_PrimoPDF.print_edge_bottom - 0
FF - user.js: print.printer_PrimoPDF.print_edge_left - 0
FF - user.js: print.printer_PrimoPDF.print_edge_right - 0
FF - user.js: print.printer_PrimoPDF.print_edge_top - 0
FF - user.js: print.printer_PrimoPDF.print_evenpages - true
FF - user.js: print.printer_PrimoPDF.print_footercenter -
FF - user.js: print.printer_PrimoPDF.print_footerleft - &PT
FF - user.js: print.printer_PrimoPDF.print_footerright - &D
FF - user.js: print.printer_PrimoPDF.print_headercenter -
FF - user.js: print.printer_PrimoPDF.print_headerleft - &T
FF - user.js: print.printer_PrimoPDF.print_headerright - &U
FF - user.js: print.printer_PrimoPDF.print_in_color - true
FF - user.js: print.printer_PrimoPDF.print_margin_bottom - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_left - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_right - 0.5
FF - user.js: print.printer_PrimoPDF.print_margin_top - 0.5
FF - user.js: print.printer_PrimoPDF.print_oddpages - true
FF - user.js: print.printer_PrimoPDF.print_orientation - 0
FF - user.js: print.printer_PrimoPDF.print_page_delay - 50
FF - user.js: print.printer_PrimoPDF.print_pagedelay - 500
FF - user.js: print.printer_PrimoPDF.print_paper_data - 1
FF - user.js: print.printer_PrimoPDF.print_paper_height - 11.00
FF - user.js: print.printer_PrimoPDF.print_paper_size_type - 0
FF - user.js: print.printer_PrimoPDF.print_paper_size_unit - 0
FF - user.js: print.printer_PrimoPDF.print_paper_width - 8.50
FF - user.js: print.printer_PrimoPDF.print_reversed - false
FF - user.js: print.printer_PrimoPDF.print_scaling - 1.00
FF - user.js: print.printer_PrimoPDF.print_shrink_to_fit - true
FF - user.js: print.printer_PrimoPDF.print_to_file - false
FF - user.js: print.printer_PrimoPDF.print_to_filename -
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_left - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_right - 0
FF - user.js: print.printer_PrimoPDF.print_unwriteable_margin_top - 0
FF - user.js: print_printer - PrimoPDF
FF - user.js: printer_PrimoPDF.print_bgcolor - false
FF - user.js: printer_PrimoPDF.print_bgimages - false
FF - user.js: printer_PrimoPDF.print_colorspace -
FF - user.js: printer_PrimoPDF.print_command -
FF - user.js: printer_PrimoPDF.print_downloadfonts - false
FF - user.js: printer_PrimoPDF.print_edge_bottom - 0
FF - user.js: printer_PrimoPDF.print_edge_left - 0
FF - user.js: printer_PrimoPDF.print_edge_right - 0
FF - user.js: printer_PrimoPDF.print_edge_top - 0
FF - user.js: printer_PrimoPDF.print_evenpages - true
FF - user.js: printer_PrimoPDF.print_footercenter -
FF - user.js: printer_PrimoPDF.print_footerleft - &PT
FF - user.js: printer_PrimoPDF.print_footerright - &D
FF - user.js: printer_PrimoPDF.print_headercenter -
FF - user.js: printer_PrimoPDF.print_headerleft - &T
FF - user.js: printer_PrimoPDF.print_headerright - &U
FF - user.js: printer_PrimoPDF.print_in_color - true
FF - user.js: printer_PrimoPDF.print_margin_bottom - 0.5
FF - user.js: printer_PrimoPDF.print_margin_left - 0.5
FF - user.js: printer_PrimoPDF.print_margin_right - 0.5
FF - user.js: printer_PrimoPDF.print_margin_top - 0.5
FF - user.js: printer_PrimoPDF.print_oddpages - true
FF - user.js: printer_PrimoPDF.print_orientation - 0
FF - user.js: printer_PrimoPDF.print_page_delay - 50
FF - user.js: printer_PrimoPDF.print_paper_data - 1
FF - user.js: printer_PrimoPDF.print_paper_height - 11.00
FF - user.js: printer_PrimoPDF.print_paper_name -
FF - user.js: printer_PrimoPDF.print_paper_size_type - 0
FF - user.js: printer_PrimoPDF.print_paper_size_unit - 0
FF - user.js: printer_PrimoPDF.print_paper_width - 8.50
FF - user.js: printer_PrimoPDF.print_plex_name -
FF - user.js: printer_PrimoPDF.print_resolution_name -
FF - user.js: printer_PrimoPDF.print_reversed - false
FF - user.js: printer_PrimoPDF.print_scaling - 1.00
FF - user.js: printer_PrimoPDF.print_shrink_to_fit - true
FF - user.js: printer_PrimoPDF.print_to_file - false
FF - user.js: printer_PrimoPDF.print_to_filename -
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_bottom - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_left - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_right - 0
FF - user.js: printer_PrimoPDF.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.sessions - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1312726207
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1317900224
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,12,e0,5b,12,83,54,42,80,7d,cc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,12,e0,5b,12,83,54,42,80,7d,cc,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,12,e0,5b,12,83,54,42,80,7d,cc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(244)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2011-12-28 14:27:35
ComboFix-quarantined-files.txt 2011-12-28 19:27
ComboFix2.txt 2011-12-27 15:25
.
Pre-Run: 13,056,892,928 bytes free
Post-Run: 13,119,799,296 bytes free
.
- - End Of File - - 237ED103EBCC2D85F6F1C979A40EC772


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: KASS [administrator]

12/28/2011 2:33:02 PM
mbam-log-2011-12-28 (14-33-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261530
Time elapsed: 7 hour(s), 57 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 29 December 2011 - 11:56 AM

lkass:

How is your computer running now? Please do this next:

Go to Start > Run and copy/paste the contents of the codebox below into the Run box and click OK:

cmd /c rd "c:\documents and settings\All Users\Application Data\cP21712OhPmO21712"
A DOS window may briefly open and close again; this is normal.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Please go here to run an online scan with ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may donate.


#10 lkass
  • Topic Starter
  • Members
  • 17 posts
  • Local time:03:44 AM

Posted 30 December 2011 - 09:24 AM

I did the above. The computer is running without the symptoms of XP Security 2012 and Security Sphere. It is much slower than in the past. I wonder how much of that is due to the cd emulator drivers being disabled?

Here are the Eset results:


C:\Documents and Settings\ADMIN\Application Data\OpenCandy\OpenCandy_660755DF36054CC1A5381D5AFC4CFD61\registrybooster(4).exe a variant of Win32/RegistryBooster application
C:\Documents and Settings\ADMIN\Application Data\OpenCandy\OpenCandy_B7C4FB60AC8C49DA96D0810A5F3E9568\LatestDLMgr.exe Win32/OpenCandy application
C:\Documents and Settings\ADMIN\My Documents\Downloads\cnet_mp3mymp3install_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\ADMIN\My Documents\Downloads\cnet_SopCast_zip.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\ADMIN\My Documents\Downloads\InternationalPrimoPDF(1).exe Win32/OpenCandy application
C:\Documents and Settings\ADMIN\My Documents\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Documents and Settings\ADMIN\My Documents\Temp\defragsetup.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP305\A0057944.manifest Win32/TrojanDownloader.Tracur.F trojan


Should I re-run Eset and remove the threats?

#11 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 30 December 2011 - 11:50 AM

lkass:

The only one of those ESET detections that is very concerning is already in the ComboFix quarantine. Those other applications are being flagged as adware because they may come with toolbars or possibly collect information from your PC. See this link for a more detailed explanation. If you want to get rid of them, just uninstall the applications via Control Panel > Add/Remove Programs or use Revo Uninstaller for a more complete uninstall. Just removing the exe with ESET will leave a lot behind.

Other than those your logs look good. All I have left for you is some very important cleanup. If it still seems slow after these steps, try working through the steps in this post:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine - click OK.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • DeFogger
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

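The triage RPMcMurphy applies above, written out as a small script. This is an added example, not ESET's or BleepingComputer's code: it parses the ESET export format seen in lkass's post (path, detection name, trailing category phrase, which the script assumes are separated by a tab or spaces), files detections sitting inside a System Restore snapshot and those ESET labels "application" (its PUA bucket) as low priority, and leaves everything else as a real threat. The sample lines are constructed after the ones posted, plus one active-path line for contrast.

```python
"""Triage ESET Online Scanner log lines the way the reply above reasons.
Added example, not ESET's or BleepingComputer's code; sample lines are
constructed after the ones posted, plus one active-path line for contrast."""
import re
from collections import namedtuple
Detection = namedtuple("Detection", "path name category priority")
# One log line: path, optional "a variant of", Platform/Family, category phrase
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<cat>[a-z ]+)$"
)
# A System Restore snapshot: \System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)

def parse_line(line):
    """Return a Detection for one log line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name, cat = m.group("path"), m.group("name"), m.group("cat").strip()
    if RESTORE_RE.search(path):
        # Dormant copy inside a restore point: inert unless that point is
        # restored, so purge old restore points rather than "clean" the file.
        prio = "restore-point"
    elif cat.endswith("application"):
        # ESET's PUA/PUsA bucket (bundlers, adware): uninstall the whole program
        prio = "pua"
    else:
        prio = "malware"   # anything else is an active threat to act on
    return Detection(path, name, cat, prio)
def triage(log_text):
    """Map each priority to the detections carrying it, in log order."""
    groups = {"malware": [], "pua": [], "restore-point": []}
    for d in filter(None, map(parse_line, log_text.splitlines())):
        groups[d.priority].append(d)
    return groups

SAMPLE_LOG = """\
C:\\Documents and Settings\\ADMIN\\Application Data\\OpenCandy\\OpenCandy_AAAA\\registrybooster(4).exe\ta variant of Win32/RegistryBooster application
C:\\Documents and Settings\\ADMIN\\My Documents\\Downloads\\cnet_SopCast_zip.exe\ta variant of Win32/InstallCore.D application
C:\\System Volume Information\\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\\RP305\\A0057944.manifest\tWin32/TrojanDownloader.Tracur.F trojan
C:\\WINDOWS\\system32\\constructed_example.dll\tWin32/TrojanDownloader.Tracur.F trojan
"""

if __name__ == "__main__":
    for prio, items in triage(SAMPLE_LOG).items():
        print(prio, [d.path for d in items])
```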


#12 lkass
  • Topic Starter
  • Members
  • 17 posts
  • Local time:03:44 AM

Posted 30 December 2011 - 04:51 PM

I am all set. Thank you very much for all of your help!

#13 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 30 December 2011 - 11:40 PM

You're welcome, lkass. Happy New Year!



#14 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 31 December 2011 - 04:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
