HijackThis_OTL_DDS_Extras



#1 Gleebo

Posted 07 October 2012 - 11:51 AM

Please see my logs below. I'm not sure if I'm on a witch hunt, but please let me know if I found something or not. I've run HijackThis, OTL, and DDS, which I've zipped. Please let me know that I did find something. I believe I have, but can't seem to get it removed. I did read that HijackThis isn't working very well with Windows 7 and Trend Micro isn't working to help it. Thanks for the review.

Not sure if you need to know, but this is from an MSI i5 a6200 laptop: 4 GB RAM, 320 GB two-partition hard drive. Not sure why it was set up that way.

LR222000....
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Sharon at 10:08:39 on 2012-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2697 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://msi.msn.com
mDefault_Page_URL = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93} : DhcpNameServer = 205.171.3.25 205.171.2.25
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93}\05275636963796F6E6 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93}\3427163786E4245727E6 : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93}\3516D616E6478616 : DhcpNameServer = 64.68.252.10 64.68.248.10 64.68.244.250
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93}\355707562783F51313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93}\D41696E6C49626D27457563747 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{B03BEFB5-99B0-45C4-A640-4FD81EE2EE93}\E4D42585 : DhcpNameServer = 216.136.95.2 64.132.94.250
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {75E0046F-2275-4BCE-9AFD-D8DA19ABDF0B} - No File
.
============= SERVICES / DRIVERS ===============
.
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 BTMCOM;Bluetooth Serial Port;C:\windows\system32\Drivers\btmcom.sys --> C:\windows\system32\Drivers\btmcom.sys [?]
S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250288]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-6 1028096]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-3 2320920]
.
=============== Created Last 30 ================
.
2012-10-07 14:09:26 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-10-07 14:09:26 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-10-07 14:09:26 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-07 14:08:46 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-10-07 14:08:46 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-10-07 14:08:45 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-10-07 14:08:45 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-10-07 14:08:42 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2012-10-07 14:08:42 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2012-10-07 14:08:39 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-10-07 14:02:06 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F7379DA-6461-46FE-A0CD-50F40BEAC8BA}\mpengine.dll
2012-10-07 13:48:05 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-07 04:36:34 2560 ----a-w- C:\windows\System32\drivers\en-US\rdpwd.sys.mui
2012-10-07 04:36:16 3072 ----a-w- C:\windows\System32\drivers\en-US\tsusbflt.sys.mui
2012-10-07 04:35:10 6144 ----a-w- C:\windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-10-07 04:35:09 4608 ----a-w- C:\windows\System32\drivers\en-US\kbdclass.sys.mui
2012-10-07 04:10:59 84992 ----a-w- C:\windows\System32\Mcx2Svc.dll
2012-10-07 04:09:59 345088 ----a-w- C:\windows\SysWow64\intl.cpl
2012-10-07 04:08:59 93696 ----a-w- C:\windows\SysWow64\fms.dll
2012-10-07 04:07:56 -------- d-----w- C:\windows\System32\SPReview
2012-10-07 04:07:10 -------- d-----w- C:\windows\System32\EventProviders
2012-10-06 22:59:29 -------- d-----w- C:\Users\Sharon\AppData\Roaming\Auslogics
2012-10-06 20:33:15 -------- d-----w- C:\Users\Sharon\AppData\Roaming\Runscanner.net
2012-10-06 20:07:14 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-10-06 20:07:00 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-06 19:14:13 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-10-06 19:13:20 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-06 16:27:11 52736 ----a-w- C:\windows\System32\drivers\btmcom.sys
2012-10-06 16:26:25 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-10-06 16:26:10 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-10-06 15:49:18 -------- d-sh--w- C:\found.000
2012-10-06 14:24:04 -------- d-----w- C:\Users\Sharon\AppData\Roaming\Malwarebytes
2012-10-06 14:23:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-05 22:11:24 -------- d-----w- C:\Users\Sharon\AppData\Roaming\SUPERAntiSpyware.com
2012-10-05 22:11:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-05 21:53:19 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EEDD908-12D1-4684-B8CE-1EE4E0D216C9}\gapaengine.dll
2012-10-05 21:39:28 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-10-05 21:36:42 -------- d-----w- C:\Program Files\CCleaner
2012-10-03 01:52:21 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-13 01:56:09 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-13 01:56:08 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
.
==================== Find3M ====================
.
2012-10-07 04:45:15 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-10-07 04:45:15 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-10-06 20:06:30 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-09-22 20:12:11 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 20:12:11 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-31 04:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 04:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 10:09:33.32 ===============
 
OTL Extras logfile created on: 10/7/2012 10:11:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sharon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 68.07% Memory free
3.79 Gb Paging File | 2.63 Gb Available in Paging File | 69.35% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147.85 Gb Total Space | 101.45 Gb Free Space | 68.62% Space Free | Partition Type: NTFS
Drive D: | 138.14 Gb Total Space | 137.11 Gb Free Space | 99.26% Space Free | Partition Type: NTFS

Computer Name: SHARON-MSI | User Name: Sharon | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0643B987-A80F-479A-B1F9-BE0AA2062565}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1890A67B-2561-41C4-B8DA-D72D4643D8D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DDDBABA-053D-4322-B6E0-09141C02B249}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{20F339F4-BB30-476E-B942-F46B69ACEC8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2978976A-B01A-44CA-8104-21A831DEB578}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AC86FDA-DF1E-4414-867F-5BDF0E83BD96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F509157-D622-4292-A3C9-564E99545A7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{364BC201-A8BF-46BD-AFA5-C5EEB3AD1371}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{400A3805-C4B3-446A-8DB7-547A7CC5C9B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D6D1B6D-1E40-47E7-8455-133139FD1E7E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DDA747A-4A88-4F77-B78E-8929A5F97FD4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4E55042E-1645-4D4B-B8A7-FAD622637A84}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{527511FF-9287-4145-B57F-AF051D0EF33A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{527C5C0B-C7F8-4072-8E3F-19B74EE82B8C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B9BD611-AD3C-4E3B-A2C7-79D36519CDDC}" = lport=445 | protocol=6 | dir=in | app=system |
"{6DFFEA04-1060-48E6-8B5A-9123625FF64A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6EF9B69C-1AF4-4EBC-B19E-975E1DACCACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7166D9C1-0D01-47D8-9442-F0A74C01D983}" = rport=138 | protocol=17 | dir=out | app=system |
"{7221E4B6-0443-4CC1-964D-58D06CC7596D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{763D977A-59E2-4E6D-9BC3-7D0AB78DDD82}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A71EF20-6A16-4912-B45B-09FB1EEFAA2A}" = lport=137 | protocol=17 | dir=in | app=system |
"{7C4A1021-035E-494D-8DFD-1F0DBF03FC39}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C594FFF-F1C7-43B5-BF6C-83F57F0B1CEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83334745-D0C6-4AB1-B314-1E81E655DAB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{841CF209-96AC-45CA-B1B9-4F10A4AB9892}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85DAD6B2-5390-4353-85DA-CB616E8332FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86CBF789-0E01-4F87-926B-A43842089FDA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{88D0DBA9-5830-4710-A1C2-92A6CDDB6C47}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91A68224-F4A1-4783-A8D4-657BE2BB4A34}" = lport=3390 | protocol=6 | dir=in | app=system |
"{92155646-7FB1-4829-BAE9-9CE46B327AF5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97920B09-1B66-4A47-8CAA-3B9A039F1EC6}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A25C2037-3EEB-465D-BAE9-5B2B0D51452F}" = lport=138 | protocol=17 | dir=in | app=system |
"{A46E6682-5BD1-4AFC-9607-128F64C07DCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5653914-5EC1-4864-B98F-E5092E724710}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5E5E98D-B560-464A-9328-7DF8E5E952D7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B2259D08-3FDE-4C33-BFB0-D9448D81E221}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA378A91-DBF9-4A8C-A270-B1E515B934EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDD487BA-0CBF-49B4-82D0-A74148B3DE5E}" = lport=139 | protocol=6 | dir=in | app=system |
"{C041A42D-1F46-4FE1-B816-F19F7C6BCB6D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9652E4E-E110-4BD0-BE3F-93C94BF71234}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D44480DC-F6D1-4D50-869D-4FCF71F8D71E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D8E53AA4-E39B-4237-A6F3-7BC949CD10B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DCF5FD65-6D97-497C-9372-A67B72377833}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF73C869-36D7-4E36-B3E9-7E559E12DD44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAC6DDEA-68DC-4C25-A770-C39A127EA97B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F36E767E-3709-4E3C-84B0-8A6B903F8CAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F78102FA-17D8-4F7B-86E4-7BE31CD510FB}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FD502C-C45D-4148-88DD-B04D4C792493}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2DADF709-5E62-4234-898F-EDEEA236A3E7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{39EA0825-DC45-4836-BB48-98EC6BFDD320}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FD1B2FF-B7F1-46D0-96B5-A633499024A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{408AC7AE-9822-4D15-8E7F-BDDBC276E5EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4275B314-C92B-4F45-85A9-47CA20E8894D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{43519517-587E-4CF6-8A03-6FBB943D619A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B88C0FB-E824-4AE6-9EFE-52FC1167752E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5D1E5AA8-D76E-43DC-9CCF-DA08B77AF9D2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5DC0AAE5-5CC5-4824-934D-F882E05FDCFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61437596-96B1-4F29-B3B7-6185496CEECE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7F75E3BC-0800-4D22-AE7C-6F897FF2BDA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7FDDCED6-CF64-4622-9039-35EFFF728237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9CEA2480-90B9-4BFB-B30A-52184926482B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A303498A-3E30-4A14-8778-5637D4C23550}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A357DBD8-B2C3-41E0-9C9F-115A92DF5A46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB4BA9E6-2508-462D-9726-2C2E015E457C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB67B47D-E909-41B5-B6F2-25C880BCDAEA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AC09790B-A362-4E8F-B07A-67963BFFAE4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE9FBBA8-12FE-4324-B983-E986A83CDB07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1B28EBF-329D-4597-8326-81691FBEE080}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C720333E-3E37-4249-9D90-48B9980B5244}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEE5832F-7835-4D55-A364-D28EDE7FB4DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CFD31665-C573-4297-9658-E46515285A34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D06EDE47-5B9E-4858-AF1A-DFF32040C1DA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D081232A-260A-4A83-B794-E834B6D63F8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1204CCC-AD70-4ABE-A7FE-0346211F27A6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D1EEA50C-B99A-462A-A55E-9AF72AF34A30}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DBD7019D-A237-45EA-B819-9FFD8DA454DE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DD47CEAD-43A7-435C-9A2F-64C11BDCB735}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4E22CA2-619C-492F-8873-CE499E101289}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{E754FC64-785B-49EA-B249-5B80475B30D4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{ED771C8B-BC6F-4A3B-8EDA-10F8CB782587}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE11683D-5962-4BCE-9E6D-EDBE9C720E5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF66A936-FD73-40F6-B552-C62D190C67B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7F637C9-DBD1-4900-A767-BF01C94C3C62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB346BD4-2DD6-4563-BEB7-3EBF885C79BB}" = protocol=6 | dir=out | app=system |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A760067A-C07E-1033-0000-A764AC000010}" = Avery Template
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Graboid Video" = Graboid Video 3.11
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Revo Uninstaller" = Revo Uninstaller 1.94
"VLC media player" = VLC media player 1.0.1
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2012 6:54:50 PM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 7042
Description =

Error - 10/6/2012 2:41:47 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 9000
Description =

Error - 10/6/2012 2:41:47 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 7040
Description =

Error - 10/6/2012 2:41:47 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 9002
Description =

Error - 10/6/2012 2:41:47 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 3029
Description =

Error - 10/6/2012 2:41:48 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 3029
Description =

Error - 10/6/2012 2:41:48 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 3028
Description =

Error - 10/6/2012 2:41:48 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 3058
Description =

Error - 10/6/2012 2:41:48 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 7010
Description =

Error - 10/6/2012 2:41:48 AM | Computer Name = Sharon-msi | Source = Windows Search Service | ID = 7042
Description =

[ Media Center Events ]
Error - 9/16/2012 11:07:32 AM | Computer Name = Sharon-msi | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 9/16/2012 3:19:58 PM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 1:10:34 PM - Error connecting to the internet. 1:10:34 PM - Unable
to contact server..

Error - 9/16/2012 4:20:05 PM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 2:20:02 PM - Error connecting to the internet. 2:20:02 PM - Unable
to contact server..

Error - 10/5/2012 5:33:50 PM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 3:33:50 PM - Error connecting to the internet. 3:33:50 PM - Unable
to contact server..

Error - 10/5/2012 5:34:13 PM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 3:33:56 PM - Error connecting to the internet. 3:33:56 PM - Unable
to contact server..

Error - 10/6/2012 10:06:49 AM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 8:06:48 AM - Error connecting to the internet. 8:06:49 AM - Unable
to contact server..

Error - 10/6/2012 10:07:02 AM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 8:06:54 AM - Error connecting to the internet. 8:06:54 AM - Unable
to contact server..

Error - 10/6/2012 11:40:43 AM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 9:40:42 AM - Error connecting to the internet. 9:40:42 AM - Unable
to contact server..

Error - 10/6/2012 11:41:01 AM | Computer Name = Sharon-msi | Source = MCUpdate | ID = 0
Description = 9:40:48 AM - Error connecting to the internet. 9:40:48 AM - Unable
to contact server..

[ System Events ]
Error - 10/6/2012 11:28:00 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/6/2012 11:29:18 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/6/2012 11:29:18 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/6/2012 11:29:18 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/6/2012 11:33:03 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/6/2012 11:35:18 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 10/6/2012 11:35:18 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/6/2012 11:36:55 AM | Computer Name = Sharon-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Windows 7 for x64-based Systems (KB976422).

Error - 10/6/2012 11:52:53 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/6/2012 12:14:16 PM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

Edited by jntkwx, 08 October 2012 - 11:22 AM.
Included logs in post (easier to read)
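The "Last 20 Event Log Errors" block at the end of the DDS Extras report above is the part of these logs a responder actually reads first, and reading it by hand across Application / Media Center / System sections is tedious. The script below is an added example for this thread, not part of the original post and not code from the DDS or OTL tools: it parses that block into records, builds a (source, event ID) histogram, and surfaces the two entry types in this log that deserve a follow-up, Service Control Manager 7026 (boot-start driver failed to load) and WindowsUpdateClient 20 (update install failure). `SAMPLE` is constructed from four of the System Events entries shown above; which IDs to flag is this example's own choice.

```python
"""Triage the 'Last 20 Event Log Errors' section of a DDS Extras.txt / OTL report.

Added example for this thread (not from the original post, not DDS/OTL code).
SAMPLE is constructed from entries in the posted log; the flagging rules are
this example's own choice.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE = """\
[ System Events ]
Error - 10/6/2012 11:28:00 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/6/2012 11:33:03 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/6/2012 11:36:55 AM | Computer Name = Sharon-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Windows 7 for x64-based Systems (KB976422).

Error - 10/6/2012 11:52:53 AM | Computer Name = Sharon-msi | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL
"""

# One header line per entry; DDS wraps the description onto following lines,
# so description text is accumulated until the next header or section marker.
HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")


@dataclass
class Event:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_events(text: str) -> list[Event]:
    events: list[Event] = []
    section, header, desc = "", None, []

    def flush() -> None:
        if header is not None:
            events.append(Event(section, header["when"], header["host"],
                                header["source"], int(header["id"]),
                                " ".join(desc).strip()))

    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            flush()
            header, desc, section = None, [], m.group("name")
        elif m := HEADER.match(line):
            flush()
            header, desc = m.groupdict(), []
        elif header is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            desc.append(line)
    flush()
    return events


# (source, id) pairs this example chooses to surface.
DRIVER_LOAD_FAILURE = ("Service Control Manager", 7026)
UPDATE_INSTALL_FAILURE = ("Microsoft-Windows-WindowsUpdateClient", 20)


def triage(events: list[Event]) -> list[tuple[str, str, list[str]]]:
    """Return (kind, timestamp, details) for entries worth acting on."""
    findings = []
    for ev in events:
        key = (ev.source, ev.event_id)
        if key == DRIVER_LOAD_FAILURE:
            drivers = ev.description.split("failed to load:", 1)[-1].split()
            findings.append(("driver_load_failure", ev.when, sorted(set(drivers))))
        elif key == UPDATE_INSTALL_FAILURE:
            m = re.search(r"error (0x[0-9A-Fa-f]+).*?\((KB\d+)\)", ev.description)
            findings.append(("update_failure", ev.when, [m.group(2), m.group(1)] if m else []))
    return findings


def repeat_driver_failures(events: list[Event]) -> dict[str, int]:
    """Count how many boots each driver name failed on. A name that fails on
    every boot is usually a service entry whose binary is missing or blocked;
    confirm with `sc query <name>` and the Services registry key before
    treating it as evidence of infection."""
    counts: Counter = Counter()
    for kind, _when, drivers in triage(events):
        if kind == "driver_load_failure":
            counts.update(drivers)
    return dict(counts)


def summarize(events: list[Event]) -> Counter:
    """(source, id) histogram: the first thing to eyeball on a 20-entry dump."""
    return Counter((ev.source, ev.event_id) for ev in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (src, eid), n in summarize(evs).most_common():
        print(f"{n:2d}  {src} / {eid}")
    for finding in triage(evs):
        print(finding)
    print(repeat_driver_failures(evs))
```

Run it against the whole pasted Extras.txt instead of `SAMPLE` to get the same summary for all three sections; the histogram shows which sources dominate (here, Windows Search and MCUpdate connection errors, which are noise for a malware question), and the triage list leaves the two items a helper would ask about: the driver pair that fails to load on every boot, and the failed KB976422 install with 0x80070643.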


#2 Maurice Naggar (Eradicator de malware, Malware Response Team, 1,088 posts, USA)

Posted 08 October 2012 - 11:23 AM

Hello Gleebo and welcome to BleepingComputer forums.

Please make sure to restart the system fresh, and to have it in normal-mode Windows, NOT Safe Mode.
Then re-run DDS, and do NOT attach logs. Always copy and paste all the contents within (inside) the main body of the reply box.

Copy & paste the new DDS.txt + Attach.txt.
Use separate replies for each if easier for you.

Give some details on what / how / why you think there is a malware issue.

Did you do a full system scan with your antivirus program?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar (Eradicator de malware, Malware Response Team, 1,088 posts, USA)

Posted 18 October 2012 - 08:22 AM

Closed due to lack of response.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
