infected with W32.Mabezat.C.worm



#1 Dylanz Of Dylanz


  • Members
  • 171 posts

Posted 08 October 2012 - 09:46 AM

Just installed Panda Global Protection 2013 today and did a full system scan.
Thousands of Mabezat.C.worm were found. Most of them were disinfected and removed, except for some which were unable to be removed. Nothing's wrong with my PC so far; it was working fine. Anyway, my PC is running an Intel Core 2 Duo, Windows 7 Ultimate 32-bit.

The file size for GMER was too big and long and I'm unable to post it.

#2 nasdaq


  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 October 2012 - 08:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please run the DDS tool and submit a fresh log for my review.

Include the other logs and let me know of any issues with this computer.

#3 Dylanz Of Dylanz

  • Topic Starter

  • Members
  • 171 posts

Posted 09 October 2012 - 12:22 PM

ComboFix 12-10-09.01 - dylan 10/10/2012 0:54.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.1210 [GMT 8:00]
Running from: c:\users\dylan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\programdata\1349619015.bdinstall.bin
c:\programdata\SPL1C5.tmp
c:\users\dylan\AppData\Roaming\AdVantage
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\dylan\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\pthreadVC.dll
c:\windows\system32\roboot.exe
c:\windows\system32\service
c:\windows\system32\service\10052010_TIS17_SfFniAU.log
c:\windows\system32\service\15052010_TIS17_SfFniAU.log
c:\windows\system32\SET8FDD.tmp
c:\windows\system32\SET927E.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
C:\zPharaoh.exe
D:\install.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 17:03 . 2012-10-09 17:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 15:45 . 2012-10-08 15:45 -------- d-----w- C:\Panda Software
2012-10-08 09:34 . 2010-05-09 15:38 123856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-08 09:17 . 2010-05-09 15:38 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-08 09:17 . 2012-10-08 09:17 -------- d-----w- c:\program files\Sun
2012-10-08 08:54 . 2012-10-08 08:54 -------- d-----w- c:\users\dylan\AppData\Roaming\AceBIT
2012-10-08 08:47 . 2012-10-08 08:47 -------- d-----w- c:\program files\Panda USB Vaccine
2012-10-08 08:26 . 2012-10-09 07:32 -------- d-----w- c:\program files\Panda Security
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Auslogics Software
2012-10-07 14:18 . 2012-10-07 14:18 -------- d-----w- c:\users\dylan\AppData\Roaming\QuickScan
2012-10-07 14:04 . 2012-10-07 16:44 -------- d-----w- c:\program files\Common Files\Auslogics Software
2012-10-07 14:04 . 2012-10-07 14:04 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-10-07 11:49 . 2012-10-09 09:51 -------- d-----w- c:\users\Public\Lover (2005) [Bon99.com]
2012-10-07 06:26 . 2012-10-07 06:26 -------- d-----w- c:\programdata\WinMaximizer
2012-10-05 11:25 . 2012-10-05 11:25 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-03 08:43 . 2012-10-03 08:49 -------- d-----w- c:\program files\PCSX2 1.0.0
2012-10-03 07:54 . 2012-10-03 07:54 -------- d-----w- c:\program files\Fly on Desktop Screensaver
2012-10-03 07:54 . 2011-04-18 06:43 975360 ----a-w- c:\windows\system32\FlyOnDesktop.scr
2012-10-03 07:26 . 2012-10-03 07:26 -------- d-----w- c:\program files\DVD Decrypter
2012-10-03 07:24 . 2012-10-03 07:24 -------- d-----w- c:\program files\1ClickDownload
2012-09-22 05:56 . 2012-09-22 06:04 -------- d-----w- c:\users\dylan\AppData\Roaming\Mp3tag
2012-09-22 05:55 . 2012-09-22 05:55 -------- d-----w- c:\program files\Mp3tag
2012-09-22 03:09 . 2012-09-22 15:18 -------- d-----w- c:\users\dylan\AppData\Roaming\KuGou8
2012-09-22 03:09 . 2012-09-22 05:25 -------- d-----w- c:\program files\KuGou
2012-09-22 03:02 . 2012-09-22 03:02 -------- d-----w- c:\users\dylan\AppData\Roaming\Baidu
2012-09-22 03:01 . 2012-09-22 03:01 -------- d-----w- c:\programdata\Baidu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 08:50 . 2012-03-30 03:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 08:50 . 2011-06-10 08:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 07:08 . 2012-04-19 03:40 17488 ----a-w- c:\windows\gdrv.sys
2012-09-21 06:00 . 2011-08-15 09:41 266240 ----a-w- c:\windows\PromptService.exe
2012-10-05 11:25 . 2011-06-11 09:12 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-11-12 06:29 . 2011-03-13 14:34 36864 ----a-w- c:\program files\mozilla firefox\components\NsThunderLoader.dll
2008-11-12 06:29 . 2011-03-13 14:34 53248 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
2006-05-03 03:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 04:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 06:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-07-20 3487128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
"PromptService"="c:\windows\PromptService.exe" [2012-09-21 266240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GarenaCIG"="c:\programdata\GarenaCIG\2.0.794\GarenaCIG.exe" [2012-09-03 435512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0rmmabez.nt
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFPdrv.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dylan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk]
path=c:\users\dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^dylan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Real Desktop.lnk]
path=c:\users\dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
backup=c:\windows\pss\Real Desktop.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^dylan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
path=c:\users\dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 19:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 06:54 91520 ----a-w- d:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-09-12 08:37 138096 ----atw- c:\users\dylan\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-27 13:02 136176 ----atw- c:\users\dylan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kuaiwan]
2012-10-08 08:03 1086856 ----a-w- c:\program files\Kuaiwan\Kuaiwan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2010-02-03 20:05 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2010-02-03 20:05 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-10-08 08:35 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2012-10-08 10:10 214408 ----a-w- d:\pps.tv\PPStream\PPSAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodTerminal]
2011-08-20 12:52 1025936 ----a-w- d:\program files\QvodPlayer\QvodTerminal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-01-30 07:32 737656 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SKLService;Run software as Windows service;c:\windows\system32\KAward\aklservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 apf001;apf001;d:\program files\Softnyx\RakionIS\Bin\apf001.sys [x]
R3 cpuz135;cpuz135;d:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\dylan\AppData\Local\Temp\LTGEA7D.tmp [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\program files\Garena Messenger\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [x]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 scncap;scncap;c:\windows\system32\DRIVERS\scncap.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 WinFPdrv;WinFPdrv;c:\windows\system32\WinFPdrv.sys [x]
S2 GarenaCIG;Garena Cafe Service;c:\programdata\GarenaCIG\2.0.794\GarenaCIG.exe --service [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 09:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:50]
.
2012-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176525892-722382709-2256025234-1001Core.job
- c:\users\dylan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 08:37]
.
2012-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4176525892-722382709-2256025234-1001UA.job
- c:\users\dylan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 08:37]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 16:56]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 16:56]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4176525892-722382709-2256025234-1001Core.job
- c:\users\dylan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 13:02]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4176525892-722382709-2256025234-1001UA.job
- c:\users\dylan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 13:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
mStart Page = hxxp://www.p2pover.com/
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Trusted Zone: khidmatnegara.gov.my\www
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13C75001-B5E6-483F-957B-EF948E58374E}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E24BDC2C-BD0F-4B42-82F2-B11A50461A14}: NameServer = 212.19.48.14
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~1\KuGou\KGMusic\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~1\KuGou\KGMusic\KUGOO3~1.OCX
FF - ProfilePath - c:\users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-F - c:\users\dylan\Local Settings\Apps\F.lux\flux.exe
MSConfigStartUp-FlashGet 3 - d:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - d:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-PPAP - c:\program files\Common Files\PPLiveNetwork\PPAP.EXE
MSConfigStartUp-Real Desktop - d:\program files\Real Desktop\Real Desktop.exe
MSConfigStartUp-RocketDock - d:\program files\RocketDock\RocketDock.exe
AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe
AddRemove-Driver San Francisco - d:\program files\Driver San Francisco\Uninstall\Uninstall.exe
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
AddRemove-PC Wizard 2012_is1 - d:\program files\CPUID\PC Wizard 2012\unins000.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\dylan\AppData\Local\Temp\LTGEA7D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e7,fd,94,27,f9,3a,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,e2,fc,85,06,35,df,4e,a9,18,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,e2,fc,85,06,35,df,4e,a9,18,af,\
.
[HKEY_USERS\S-1-5-21-4176525892-722382709-2256025234-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92CABA12-5011-D368-47DC-55DC195426F9}*]
"hajjdeadclgpaalm"=hex:69,61,6c,65,66,66,70,64,67,66,61,6d,64,62,64,6f,65,69,
00,dc
"gaahmpfndoldll"=hex:61,63,6c,65,62,67,6c,6f,6f,67,6a,61,6f,69,6c,70,6e,6e,67,
69,65,64,61,6b,6a,62,61,6d,62,6b,6a,61,6a,6c,6c,6d,6f,68,70,6e,69,6d,6d,6c,\
"iapjffonlmnphjccfn"=hex:69,61,6c,65,66,66,70,64,67,66,61,6d,64,62,64,6f,65,69,
00,dc
.
[HKEY_USERS\S-1-5-21-4176525892-722382709-2256025234-1001_Classes\CLSID\{5d791201-577e-4d32-9160-ba0e948b857c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000124
"Therad"=dword:00000031
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,3d,f6,71,65,13,40,c1,17,d0,67,6d,f7,42,f7,77,f6,72,7e,3e,36,ab,14,\
.
[HKEY_USERS\S-1-5-21-4176525892-722382709-2256025234-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b2,e0,cd,ec,d1,0b,a9,fd,d5,36,e2,e1,68,f0,c4,13,9e,2c,a6,c3,de,
e7,87,05,d9,a5,e5,f5,5f,a4,d2,27,23,52,c8,31,1d,98,21,67,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4176525892-722382709-2256025234-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):39,2f,46,63,6c,a5,be,6a,f2,58,ef,b8,b7,68,71,5a,91,8b,49,fb,71,
e7,6f,9d,cb,45,96,18,10,46,0d,ce,7f,7f,bb,86,4d,ff,c8,8b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4176525892-722382709-2256025234-1001_Classes\CLSID\{ba36ed27-6147-492c-ab69-301a899565e4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000df
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\ASDR.exe
c:\windows\system32\taskhost.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-10-10 01:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-09 17:10
ComboFix2.txt 2010-04-18 03:49
.
Pre-Run: 13,986,955,264 bytes free
Post-Run: 17,997,361,152 bytes free
.
- - End Of File - - EB84D0891174C928F0FC3EA82AA3FE4D


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Panda Cloud Cleaner
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



# AdwCleaner v2.004 - Logfile created 10/10/2012 at 01:13:27
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : dylan - DYLAN-PC
# Boot Mode : Normal
# Running from : C:\Users\dylan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\searchplugins\Askcom.xml
File Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\searchplugins\Conduit.xml
File Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\searchplugins\search.xml
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\dylan\AppData\Local\Babylon
Folder Deleted : C:\Users\dylan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\dylan\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\dylan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\Conduit
Folder Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\CT2438727
Folder Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Deleted : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\0i6c7xvh.default\prefs.js

Deleted : user_pref("CT2438727..clientLogIsEnabled", true);
Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.AppTrackingLastCheckTime", "Tue May 31 2011 21:12:28 GMT+0800 (Malay Peninsula [...]
Deleted : user_pref("CT2438727.CT2438727", "CT2438727");
Deleted : user_pref("CT2438727.CurrentServerDate", "31-5-2011");
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Tue May 31 2011 21:12:17 GMT+0800 (Malay Peninsul[...]
Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Deleted : user_pref("CT2438727.EnableSearchHistory", false);
Deleted : user_pref("CT2438727.EnableSearchSuggest", false);
Deleted : user_pref("CT2438727.FirstServerDate", "31-5-2011");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2438727.InstalledDate", "Tue May 31 2011 21:12:18 GMT+0800 (Malay Peninsula Standard Ti[...]
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Tue May 31 2011 21:12:17 GMT+0800 (Malay Peninsula[...]
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_3.3.5.1", "Tue May 31 2011 21:12:16 GMT+0800 (Malay Peninsula Standar[...]
Deleted : user_pref("CT2438727.LatestVersion", "3.3.5.1");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipShow", false);
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Tue May 31 2011 21:12:16 GMT+0800 (Malay Peninsu[...]
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Tue May 31 2011 21:12:15 GMT+0800 (Malay Peninsula S[...]
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Tue May 31 2011 23:22:34 GMT+0800 (Malay Peninsula Sta[...]
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1306530423");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Tue May 31 2011 21:12:15 GMT+0800 (Malay Penin[...]
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Deleted : user_pref("CT2438727.UserID", "UN91588159004065863");
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.approveUntrustedApps", true);
Deleted : user_pref("CT2438727.components.1000034", false);
Deleted : user_pref("CT2438727.components.1000082", false);
Deleted : user_pref("CT2438727.components.1000234", false);
Deleted : user_pref("CT2438727.components.1000515", false);
Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Tue May 31 2011 21:12:16 GMT+0800 (Malay Pe[...]
Deleted : user_pref("CT2438727.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.testingCtid", "");
Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Tue May 31 2011 21:12:16 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Tue May 31 2011 21:12:17 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CT2438727.usageEnabled", false);
Deleted : user_pref("CT2438727.usagesFlag", 2);
Deleted : user_pref("CT2857573.IsMulticommunity", false);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/MY", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 31 2011 21:12:17 GMT+08[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 31 2011 21:12:26 GMT+0800 (Malay[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 31 2011 21:12:11 GMT+0800 (Malay Pen[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "da671664-068c-42c4-b0dd-712ebead7d33");
Deleted : user_pref("CommunityToolbar.globalUserId", "69030dcb-02dd-4857-a959-e4c1f09b9888");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Facemoods Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "InnoGames International Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.cbid", "F3");
Deleted : user_pref("extensions.asktb.crumb", "2011.03.13+20.54.35-toolbar003iad-US-RnJlbW9udCxDQSxVbml0ZWQgU3[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1300074878348");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.o", "101703");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "4");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.facemoods.aflt", "_#w7th");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "26");
Deleted : user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v22.0.1229.92

File : C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.0.1156.0

File : C:\Users\dylan\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15316 octets] - [10/10/2012 01:13:27]

########## EOF - C:\AdwCleaner[S1].txt - [15377 octets] ##########



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by dylan at 1:16:03 on 2012-10-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.1230 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\ASDR.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\ProgramData\GarenaCIG\2.0.794\GarenaCIG.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PromptService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\GarenaCIG\2.0.794\GarenaCIG.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/
mStart Page = hxxp://www.p2pover.com/
uInternet Settings,ProxyOverride = local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PromptService] c:\windows\PromptService.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GarenaCIG] "c:\programdata\garenacig\2.0.794\GarenaCIG.exe" --tray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Trusted Zone: khidmatnegara.gov.my\www
Trusted Zone: kuaiche.com\software
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13C75001-B5E6-483F-957B-EF948E58374E} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{13C75001-B5E6-483F-957B-EF948E58374E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E24BDC2C-BD0F-4B42-82F2-B11A50461A14} : NameServer = 212.19.48.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~1\kugou\kgmusic\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~1\kugou\kgmusic\KUGOO3~1.OCX
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dylan\appdata\roaming\mozilla\firefox\profiles\0i6c7xvh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\kuaiwan\npKuaiWanGame.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\dylan\appdata\local\facebook\messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\dylan\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\dylan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - plugin: d:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\baidu\baiduplayer\npbdyy.dll
FF - plugin: d:\program files\baidu\baiduplayer\npffax.dll
FF - plugin: d:\program files\qvodplayer\npQvodInsert.dll
.
============= SERVICES / DRIVERS ===============
.
R1 WinFPdrv;WinFPdrv;c:\windows\system32\WinFPdrv.sys [2011-8-15 19456]
R2 GarenaCIG;Garena Cafe Service;c:\programdata\garenacig\2.0.794\GarenaCIG.exe [2012-9-3 435512]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-4-23 96056]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-11 50688]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-4-18 148800]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-23 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-26 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-7-10 8192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-15 2348352]
S2 SKLService;Run software as Windows service;c:\windows\system32\kaward\aklservice.exe [2011-7-7 106496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-4-23 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-26 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31160424]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2BthF.sys [2011-2-1 79984]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2011-2-1 142320]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2011-2-1 88304]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-2-1 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2011-2-1 53312]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-1 15872]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-3-9 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-3-9 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-3-9 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-3-9 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-3-9 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-3-9 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-3-9 109864]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-5-18 155320]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-3-27 23552]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-22 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-10-09 17:03:56 -------- d-----w- c:\users\dylan\appdata\local\temp
2012-10-09 17:01:10 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8688d23b-1837-4a82-b73f-bfde211387c5}\offreg.dll
2012-10-09 16:54:23 -------- d-----w- C:\$RECYCLE.BIN
2012-10-09 16:52:29 -------- d-----w- C:\ComboFix
2012-10-09 16:33:57 98816 ----a-w- c:\windows\sed.exe
2012-10-09 16:33:57 518144 ----a-w- c:\windows\SWREG.exe
2012-10-09 16:33:57 256000 ----a-w- c:\windows\PEV.exe
2012-10-09 16:33:57 208896 ----a-w- c:\windows\MBR.exe
2012-10-08 15:45:48 -------- d-----w- C:\Panda Software
2012-10-08 09:34:32 123856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-08 09:17:22 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-08 09:17:14 -------- d-----w- c:\program files\Sun
2012-10-08 08:54:48 -------- d-----w- c:\users\dylan\appdata\roaming\AceBIT
2012-10-08 08:47:19 -------- d-----w- c:\program files\Panda USB Vaccine
2012-10-08 08:26:27 -------- d-----w- c:\program files\Panda Security
2012-10-07 15:17:55 -------- d-----w- c:\program files\Auslogics Software
2012-10-07 14:18:20 -------- d-----w- c:\users\dylan\appdata\roaming\QuickScan
2012-10-07 14:04:57 -------- d-----w- c:\program files\common files\Auslogics Software
2012-10-07 14:04:25 -------- d-----w- c:\program files\common files\Bitdefender
2012-10-07 06:26:56 -------- d-----w- c:\programdata\WinMaximizer
2012-10-05 11:25:27 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-10-03 08:43:17 -------- d-----w- c:\program files\PCSX2 1.0.0
2012-10-03 07:54:18 975360 ----a-w- c:\windows\system32\FlyOnDesktop.scr
2012-10-03 07:54:18 -------- d-----w- c:\program files\Fly on Desktop Screensaver
2012-10-03 07:26:32 -------- d-----w- c:\program files\DVD Decrypter
2012-10-03 07:24:09 -------- d-----w- c:\program files\1ClickDownload
2012-09-22 05:56:56 -------- d-----w- c:\users\dylan\appdata\roaming\Mp3tag
2012-09-22 05:55:34 -------- d-----w- c:\program files\Mp3tag
2012-09-22 03:09:13 -------- d-----w- c:\users\dylan\appdata\roaming\KuGou8
2012-09-22 03:09:10 -------- d-----w- c:\program files\KuGou
2012-09-22 03:02:05 -------- d-----w- c:\users\dylan\appdata\roaming\Baidu
2012-09-22 03:01:36 -------- d-----w- c:\programdata\Baidu
.
==================== Find3M ====================
.
2012-10-09 08:50:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 08:50:12 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-03 07:08:08 17488 ----a-w- c:\windows\gdrv.sys
2012-09-21 06:00:33 266240 ----a-w- c:\windows\PromptService.exe
2006-05-03 03:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 04:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 06:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 1:17:51.79 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22/4/2010 8:35:49 PM
System Uptime: 10/10/2012 1:14:55 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 16.824 GiB free.
D: is FIXED (NTFS) - 90 GiB total, 24.491 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V8
Device ID: ROOT\NET\0001
Manufacturer: TAP-Win32 Provider
Name: TAP-Win32 Adapter V8
PNP Device ID: ROOT\NET\0001
Service: tap0801
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
?? 5.0.72
????1.0.21.58
????2012
快玩 V2.4.0.6
7-Zip 4.65
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 8
Adobe Shockwave Player 11.6
Advertising Center
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AhnLab Online Security
Angry Birds Space v1.0.0.2 Full
ASUS nVidia Driver
ASUS Smart Doctor
µTorrent
AVI ReComp 1.5.3
AviSynth 2.5
Cheat Engine 6.1
Counter-Strike Source DZ
Crysis 2
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DolbyFiles
Driver Sweeper version 3.2.0
DVD Decrypter (Remove Only)
Facebook Messenger 2.1.4651.0
Facebook Update Helper
Facebook Video Calling 1.2.0.159
Fly on Desktop Screensaver 1.2
Foxit Reader
Fraps (remove only)
FreeOCR 3.0
Game Booster
Garena - Heroes of Newerth
Garena 2010
GarenaMaster
Google Chrome
Google Earth Plug-in
Google Update Helper
Grand Theft Auto: Episodes from Liberty City
Half-Life 2 (Addon) DZ
Hotspot Shield 2.53
ImagXpress
Intel® Graphics Media Accelerator Driver
Internet Download Manager
Java Auto Updater
Java™ 6 Update 33
K-Lite Codec Pack 8.4.0 (Full)
Lexmark 2600 Series
LightScribe System Software 1.10.13.1
LOST PLANET 2
MediaCoder 0.7.5.4720
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 15.0.1 (x86 en-GB)
Mozilla Maintenance Service
Mp3tag v2.52
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero StartSmart
NeroBurningROM
NeroExpress
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 296.10
NVIDIA 3D Vision Video Player
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
Opera 11.00
Panda Cloud Cleaner
Panda USB Vaccine 1.0.1.16
PCSX2 - Playstation 2 Emulator
PPS?? V2.7.0.1374 ???
PVSonyDll
Realtek High Definition Audio Driver
Resident Evil: Operation Raccoon City
Runtime Files Pack 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Simple Port Forwarding
Skype Click to Call
Skype™ 5.9
Sony Ericsson Themes Creator 4.12.2.4
Sony Ericsson Update Service
Sony PC Companion 2.10.094
Steam
Subtitle Workshop 2.51
Sun VirtualBox
SUPER ?v2011.build.48 (April 23, 2011) version v2011.build.48
swMSM
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
Ultra Defragmenter
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Utility
UxStyle Core Beta
Visual Basic 4 Runtime Files
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.2
Windows 7 Upgrade Advisor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinMaximizer
Xilisoft Audio Converter Pro
Xilisoft Audio Maker
XviD MPEG-4 Video Codec
Xvid Video Codec
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/10/2012 4:36:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/10/2012 4:36:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/10/2012 4:36:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/10/2012 4:36:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/10/2012 4:36:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/10/2012 4:36:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/10/2012 4:36:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr VBoxDrv VBoxUSBMon Wanarpv6 WinFPdrv
9/10/2012 3:28:11 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
9/10/2012 3:13:31 PM, Error: Service Control Manager [7000] - The SoftPerfect Research Service service failed to start due to the following error: The system cannot find the file specified.
9/10/2012 3:13:31 PM, Error: Service Control Manager [7000] - The NetBalancer Service service failed to start due to the following error: The system cannot find the file specified.
9/10/2012 3:13:31 PM, Error: Service Control Manager [7000] - The Bandwidth Controller kernel component service failed to start due to the following error: The system cannot find the file specified.
8/10/2012 4:27:37 PM, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/10/2012 11:45:42 PM, Error: Service Control Manager [7023] - The Panda On-Access Anti-Malware Service service terminated with the following error: Incorrect function.
6/10/2012 9:18:32 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/10/2012 7:45:51 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer IVAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{13C75001-B5E6-483F-957B-EF948E5837. The master browser is stopping or an election is being forced.
5/10/2012 5:59:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/10/2012 5:03:05 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/10/2012 5:03:05 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
3/10/2012 5:03:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
3/10/2012 3:08:08 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
10/10/2012 12:52:08 AM, Error: Service Control Manager [7031] - The Garena Cafe Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/10/2012 1:17:20 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2012 1:17:20 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/10/2012 1:14:59 AM, Error: Application Popup [875] - Driver tap0801.sys has been blocked from loading.
10/10/2012 1:05:55 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
10/10/2012 1:00:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================


Nothing's wrong with this computer except for some slow browsing speeds. The internet is connected but sometimes an error comes out when trying to display a webpage. It's like I'm disconnected from the internet while I'm not. I need to refresh the page a few times before it displays.

#4 nasdaq

Posted 10 October 2012 - 08:27 AM

Looking good.

This is a keylogger. If you did not install this we can remove it.
S2 SKLService;Run software as Windows service;c:\windows\system32\kaward\aklservice.exe

I think it comes from this software. If I'm wrong please advise.
http://www.award-soft.com/content/view/39/70/
<<<>>>

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 33

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know of any other issues with this computer.
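
The call above rests on reading the DDS service line itself: the service name, the display name and the binary name have nothing in common, the binary sits in a subfolder of system32, and the line carries no [date size] stamp. As an added example (not from this thread, DDS or ComboFix), the Python below parses DDS-style service lines and flags entries with those traits; the sample lines are copied from this log, and the allowlist of system32 subfolders is an assumption of the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in DDS service-line format: the SKLService entry nasdaq
# questioned in this thread plus three benign entries from the same log.
SAMPLE_LOG = """\
S2 SKLService;Run software as Windows service;c:\\windows\\system32\\kaward\\aklservice.exe
S3 tap0801;TAP-Win32 Adapter V8;c:\\windows\\system32\\drivers\\tap0801.sys [2006-3-27 23552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\\windows\\system32\\drivers\\wdcsam.sys [2008-5-6 11520]
S3 Sony PC Companion;Sony PC Companion;c:\\program files\\sony\\sony pc companion\\PCCService.exe [2012-5-18 155320]
"""

# <start type> <name>;<display name>;<path> [<yyyy-m-d> <size>]  (stamp optional)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\])?$"
)
# system32 subfolders where service binaries commonly live; an illustrative
# allowlist assumed by this example, not something DDS itself defines.
KNOWN_SYSTEM32_SUBDIRS = {"drivers", "wat", "wbem"}

@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

def parse_service(line: str) -> Optional[dict]:
    """Split one DDS service line into its fields; None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None

def display_matches_name(name: str, display: str, path: str) -> bool:
    """True if the display name or binary file name shares a token with the service name."""
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    tokens = [t for t in re.split(r"[^a-z0-9]+", name.lower()) if len(t) >= 3]
    return any(t in display.lower() or t in stem for t in tokens)

def unusual_system32_subdir(path: str) -> bool:
    """True if the binary sits in a system32 subfolder outside the allowlist."""
    parts = path.lower().replace("\\", "/").split("/")
    if "system32" not in parts:
        return False
    below = parts[parts.index("system32") + 1:-1]  # folders between system32 and the file
    return bool(below) and below[0] not in KNOWN_SYSTEM32_SUBDIRS

def triage(log_text: str) -> List[Finding]:
    """Return the services in a DDS log that deserve a second look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        f = Finding(svc["name"], svc["path"])
        if not display_matches_name(svc["name"], svc["display"], svc["path"]):
            f.reasons.append("display name unrelated to service or binary name")
        if unusual_system32_subdir(svc["path"]):
            f.reasons.append("binary lives in an unusual system32 subfolder")
        if svc["date"] is None:
            f.reasons.append("no [date size] stamp recorded for the file")
        if f.reasons:
            findings.append(f)
    return findings
```

Run `triage(SAMPLE_LOG)` and only the SKLService entry comes back, with all three reasons; the heuristics are a starting point for a manual look, not a verdict on their own.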

#5 Dylanz Of Dylanz

Posted 11 October 2012 - 01:51 AM

Thanks.... Now I need some advice on which antivirus software to use. I want a free one and it mustn't slow down my PC. Thx!

#6 nasdaq

Posted 11 October 2012 - 09:33 AM

Free antivirus programs

Microsoft Security Essentials
http://windows.microsoft.com/en-US/windows/products/security-essentials

This will disable your Windows Defender when running. You can run Defender independently.
===

Other Free programs

All of the following are excellent free versions of commercial antiviruses. Be sure to only install one.
AVG
avast!
Avast will install Google Chrome if not already installed. If you do not want to keep it just remove it using the Add/Remove Programs list.
AntiVir

===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
