

InterviewSolution
4701. Solve : Brand new MSI windtop with a virus??
Answer» Hey guys,

4702. Solve : Scan could not complete!?
Answer» Hello everyone, I have a laptop, ASUS K40ij model.

4703. Solve : Application cannot be executed. The file rundll32.exe is infected.?
Answer» Please help. When my computer starts up I get popups that report "Application cannot be executed. The file rundll32.exe is infected." When I try to open anti-virus or spyware programs they are closed out immediately. Also I'm unable to get online and have to use another computer to download programs like OTL and HijackThis.

4704. Solve : Is my baby on her deathbed??
Answer» Here goes:

4705. Solve : pc freezes , but my security checks ok?
Answer» My PC will freeze while on the web (XP, IE8) for maybe 10 minutes, then work for half an hour and refreeze, and so on.

===============================
Please go to Jotti's malware scan (if more than one file needs scanning they must be done separately and links posted for each one).
* Copy the file path in the box below:
  c:\windows\popcinfo.dat
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file.
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, copy and then paste the link in the address bar into your next reply.

Thanks Dave, Avast updated. Do you think me running security would freeze my PC? The only one that works in real time is Avast, but you must turn on scan yourself.

Filename: popcinfo.dat
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sat 19 Jun 2010 21:13:53 (CET)
Permalink

ComboFix 10-06-18.03 - harold mullan 19/06/2010 20:21:51.6.1 - FAT32x86

Quote: do you think me running security would freeze my pc the only one that works in real time is avast but you must turn on scan yourself
It's beginning to look as if the freezing problem is not caused by malware. I'll run two more scans. If they come up empty, perhaps you should post in a software or hardware forum.

I'd like us to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

=========================
* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan. Look through the list and let me know if anything was found infected.

Hi Dave, what a scan that Microsoft one was: 7 hours 16 mins it took and checked 1,716,453 files, and guess what, it found nothing. ESET would not open; I went to the web and tried 3/4 times, still no good. BTW, when the scan was on I could do nothing on the PC, so like you I think my PC is clean and it must be a hardware/software problem.

Scan your computer with Panda ActiveScan
* Once you are on the Panda site click the Scan your PC now button.
* A new window will open... click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the DISINFECT options. We will remove any threats manually.
* Post the contents of the ActiveScan report in your next reply.

Dave, it has been sitting at 28% for 4 hours. It seems to be stuck. I turned it off, I'm going to bed. Any others I can try? Harry

Have you run any diagnostics on your hard drive? Could it be a problem with heating?

Huh, no Dave. How do I go about it please?

You can download a diagnostic program for your HD from the manufacturer's site. There are also generic diagnostic programs for the motherboard and your RAM.

4706. Solve : Annoying *censored* Virus :(?
Answer» Hey guys, I have a virus/spyware/malware or something I can't get rid of. It basically removed my Control Panel, my Run program and my right click. It also has taken away my administrator rights, so I can't access anything (even my calendar). I had lots of anti-virus stuff that hasn't removed it. They are:

4707. Solve : windows update related virus??
Answer» To be specific, I ran chkdsk C: /f, restarted my computer and allowed it to check my disk, but no luck. So I decided to try chkdsk c: /r, and as I suspected my disk was repaired and now works fine. But, if you believe there is more to do, I will be more than happy to do it.

I would like to get ComboFix to run and produce a log. Let's try this:

4708. Solve : Application cannot be executed. The file **** is infected?
Answer» Didn't have to run rkill. When I logged on my user just now (haven't been on it since yesterday) no viruses were popping up.

www.malwarebytes.org
Database version: 4266
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
7/1/2010 10:08:09 PM
mbam-log-2010-07-01 (22-08-09).txt
Scan type: Quick scan
Objects scanned: 139308
Time elapsed: 6 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected: (No malicious items detected)
Files Infected:
C:\Users\Peterr\AppData\Local\Temp\H8SRTde7a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Peterr\downloads\SydneyMS(2).exe (Trojan.Mapler) -> Quarantined and deleted successfully.
C:\Users\Peterr\downloads\SydneyMS(3).exe (Trojan.Mapler) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.

GMER
Note about this tool: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Then, download RootkitUnhooker and save the setup to your Desktop.

4709. Solve : Application cannot be executed. The file wuauclt.exe is infected?
Answer» The scan turned up with no threats. I'm guessing that may be why there was no log, or was there something I missed?

Ok. That looks good. If there are no other issues, it's time for some clean-up.

4710. Solve : Interesting Kaspersky Internet Security issue?
Answer» I've been using Kaspersky Internet Security for about 2 years now. Never had an issue with it; in fact I'm quite pleased with it... until recently. On all of my computers using KIS2011 (I have 3 running it) I have a little problem.

4711. Solve : Antivir Solution Pro removal?
Answer» Hello, it seems I have gotten another virus and I've come back to my favorite place.

4712. Solve : Is my HJT log OK??
Answer» P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation. Please note: even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

===============================
Re-running ComboFix to remove infections:

I'd like us to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Hi SuperDave, I'm back. I had to go away for a little while but I managed to get most of the work done for you. I hope it all turned out OK. I saw lots of little things in there that looked like viruses that nothing else captured. So these programs and the sequence that is set out are just the thing to clean up a computer. There was only the last one that I didn't get a chance to get done before I had to leave. I'll set that up to run later tonight (AUS time). OK. So far the slowness has definitely disappeared and my computer is running fine. Can't thank you enough for your patience SuperDave. Do you want me to post any log from the last online check that you suggested? Thanks ImnoGuru.

Quote: Do you want me to post any log from the last online check that you suggested?
Yes please. ESET will produce a log. Please post it.

Thank you for all your help SuperDave. Sorry I took so long to finish with this; a substantial piece of life took up some of my time. I ran the last of these scans tonight, and this last scan caught another potential. Here is the log of the scan from ESET. I must say at this point that the computer did speed up during this whole process and appeared to be cured, but for anyone else following the sequence of scans, it is important to COMPLETE ALL THE SCANS. Just because it seemed to "be fixed" doesn't mean that you should stop doing all the other parts of the process. It is in your best interests to complete the process.

SuperDave, maybe when you get the chance, would you take the time to explain the contents of some of the scan results to me? Doing these scans blindly is OK, knowing they will most likely be successful in removing the threats on the computer, but for myself I would like to know a little something about the results of the scans, like what to look for in the logs. Thank you ImnoGuru.

Quote: but for anyone else following the sequence of scans, it is important to COMPLETE ALL THE SCANS.
Negative on that. No two computers are the same. If anyone has problems, it's important to get help for their computer only.

Quote: maybe when you get the chance, would you take the time to explain the contents of some of the scans results to me?
All I will tell you is that all these scans are to detect malware on the computer. I won't go into this any deeper on an open forum because a lot of the people reading these forums are the very people who are making up these malicious programs.

Quote: but for myself I would like to know a little something about the results of the scans, like what to look for in the logs.
The only way you will learn more is to take courses in malware removal. Almost every forum has a link where you can go to get information about training. Here's our link.

If there are no other issues, it's time for some clean-up.
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter
* The above procedure will:
  * Delete the following: ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

==============================
Download OTC by OldTimer and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes.
5. OTC should delete itself once it finishes; if not, delete it yourself.

==============================
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

=============================
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall.
1) Comodo Personal Firewall (uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

=============================
Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

OOPS!! Sorry SuperDave. I didn't think of individual computers like that. I thought that the sequence would have been a typical routine. I am wrong. I see. My bad. Listen to your administrator and follow instructions then.

4713. Solve : I too have AV security suite and Trojan AV issue, windows security alert, etc?
Answer» I just got a window which said I'm low on memory, and that I should close some files...

4714. Solve : best virus remover software??
Answer» Tell me the name of this.

Quote from: keyboardboy1 on July 21, 2010, 12:11:11 AM
Tell me the name of this.
None.

Try out Kaspersky Antivirus, http://kaspersky.com

4715. Solve : Kaspersky scanning?
Answer» If I deep scan a file (say, a .zip/.rar file with .zip/.rar files in it) with Kaspersky, fully updated to the minute (latest update), and Kaspersky yields me a 'no threats' report of the scan, does this really mean the file is 100% harmless?

4716. Solve : McAfee scan running extremely slow?
Answer» I have the McAfee Security Center on my PC, and I think it's supposed to have a scheduled scan every 30 days. Well, every 3-5 days it tells me it has not performed the scheduled scan in 30 days or less, and that my computer is not fully protected. So I need to run the scan to "fix" it so it's protected again.

4717. Solve : Antivirus programs must be updated!?
Answer» My Intel Celeron [emailprotected] GHz computer using Windows Vista Home Premium suffered a crashing hard disk drive failure last weekend due to a virus. I stupidly failed to update my antivirus software program (Avira AntiVir Personal Free) and am now forced to purchase a new computer. I am not a novice at computers either! I use them on a daily basis and have even advised people I know to keep their antivirus programs up-to-date. Apparently, I should have been paying closer attention to what I was saying. It took a crash and the total loss of all of my program files and folders, everything I had stored on my PC, to remind me of the importance to update, update, update. I hope everyone who reads this will remember to do the same. After all, an antivirus program is only effective if it's up-to-date. A word to my very wise colleagues.

4718. |
Solve : pretty sure my son loaded a virus from a gaming website? |
Answer» My 11 yr old played a game online and then, after trying to clean with Microsoft malicious virus remover, it crashed. Now it will not come on; the monitor is on but nothing from the PC... no idea what to do now.
Are you getting "no signal" on the monitor? Do you hear any beeps when it's trying to start? You will have to check all the wiring to ensure you're getting power to the CPU and perhaps open the box and check to ensure everything is secured inside. |
|
4719. |
Solve : installing kaspersky 2011 problems? |
Answer» Hi there, I am having problems installing Kaspersky 2011 at the moment. I have removed my McAfee and am trying to install Kaspersky, but it is saying my computer is infected and will not let me install. Kaspersky has a removal tool which is a separate program; I ran that and it detected 9 trojans and I deleted them. I uninstalled that and tried to install the Kaspersky 2011 Anti-Virus but it still will not let me. Oh, and I have also run Spybot and adware remover and they have deleted stuff as well. What should I do?
Why not use Microsoft Essentials which is installed with win7? |
|
4720. |
Solve : Remove startup error win7? |
Answer» Quote from: Frejoh466 on July 17, 2010, 06:16:58 AM
Every time I start up my computer I get 2 AsusSetup errors "C:\Users\My name\AppData\local\Temp\052245log.ini is lost" and I don't know how to get rid of them. I made a new account, deleted the temp files, reinstalled the program and was trying to find anything in C:\ if I could find where it read it on the startup. Broni told me to do a post in this forum, I don't know why because it's not a virus but I will not argue with someone who has the title "Mastermind" so I do a post here and see what will happen. Yeah, I should mention that the error is from when I installed my drivers, then it needed a restart, then it could not find the CD, I removed it and downloaded and installed the drivers from the Asus homepage.
Hi,
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
Code:
OTL logfile created on: 2010-07-18 08:09:05 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\****\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 11,09 Gb Free Space | 22,71% Space Free | Partition Type: NTFS
Drive D: | 2122,07 Gb Total Space | 172,10 Gb Free Space | 59,06% Space Free | Partition Type: NTFS
Drive E: | 2127,19 Gb Total Space | 139,38 Gb Free Space | 30,97% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1597,26 Gb Total Space | 1277,47 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ****-PC
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-07-18 08:08:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2010-07-02 15:29:38 | 000,716,024 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2010-07-01 14:40:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010-06-24 22:01:55 | 000,910,296 | ---- | M] (Mozilla CORPORATION) -- D:\Program\Mozilla Firefox\firefox.exe PRC - [2010-06-07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010-05-29 13:07:51 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- D:\Program\utorrent.exe PRC - [2009-09-29 14:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2009-08-19 21:02:06 | 000,034,816 | ---- | M] (Stefan Sundin) -- C:\Program Files (x86)\SuperF4\SuperF4.exe PRC - [2009-08-09 11:49:26 | 003,986,552 | ---- | M] (Almico Software (www.almico.com)) -- D:\Program\SpeedFan\speedfan.exe PRC - [2009-07-20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009-04-02 06:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2009-03-30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-07-18 08:08:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe MOD - [2009-07-20 05:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll MOD - [2009-07-20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) 
-- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll MOD - [2009-07-20 05:00:00 | 000,010,752 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\IMHook.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-06-10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:[b]64bit:[/b] - [2009-09-29 14:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:[b]64bit:[/b] - [2009-09-29 14:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2009-07-20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010-07-02 15:29:38 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010-07-01 14:40:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010-06-07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010-03-30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-07-16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009-07-14 03:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009-04-02 06:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2008-10-25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2010-06-09 22:02:48 | 000,023,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV:[b]64bit:[/b] - [2010-03-04 13:43:00 | 000,346,144 | R--- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-03-01 18:48:16 | 000,314,016 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - [2010-03-01 18:48:16 | 000,043,680 | R--- | M] () [Kernel | Auto | Running] -- 
C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - [2010-02-02 18:53:08 | 000,834,544 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2009-12-30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:[b]64bit:[/b] - [2009-09-29 14:06:16 | 000,123,200 | R--- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:[b]64bit:[/b] - [2009-09-29 14:03:00 | 000,136,584 | R--- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2009-09-29 13:56:36 | 000,144,824 | R--- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon) DRV:[b]64bit:[/b] - [2009-09-23 10:42:58 | 000,033,856 | RH-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2009-09-16 07:02:42 | 000,031,232 | R--- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | R--- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | R--- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,200,272 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,046,672 | R--- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,034,896 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | R--- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:42:58 | 000,006,656 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap) DRV:[b]64bit:[/b] - [2009-07-14 01:42:44 | 000,021,760 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID) DRV:[b]64bit:[/b] - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:[b]64bit:[/b] - [2009-06-17 18:54:38 | 000,112,144 | R--- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE) DRV:[b]64bit:[/b] - [2009-06-17 18:54:30 | 000,057,872 | R--- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2009-06-17 18:54:22 | 000,055,312 | R--- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2009-06-17 18:53:42 | 000,089,616 | R--- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou) DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-14 10:26:24 | 000,015,416 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2009-05-04 18:30:28 | 000,016,440 | R--- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2007-02-07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 4A 5C 2D 6B 1B CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 66.167.100.59:6649 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.blackcats-games.net" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7 FF - prefs.js..extensions.enabledItems: [emailprotected]:4.0.0 FF - prefs.js..extensions.enabledItems: {2E481B23-66AC-313F-D6A8-A81DDDF26249}:0.8.1 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&q=" FF - prefs.js..network.proxy.backup.ftp: "173.29.101.30" FF - 
prefs.js..network.proxy.backup.ftp_port: 8085 FF - prefs.js..network.proxy.backup.gopher: "173.29.101.30" FF - prefs.js..network.proxy.backup.gopher_port: 8085 FF - prefs.js..network.proxy.backup.socks: "173.29.101.30" FF - prefs.js..network.proxy.backup.socks_port: 8085 FF - prefs.js..network.proxy.backup.ssl: "173.29.101.30" FF - prefs.js..network.proxy.backup.ssl_port: 8085 FF - prefs.js..network.proxy.ftp: "207.44.255.163" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "207.44.255.163" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "207.44.255.163" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "207.44.255.163" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "207.44.255.163" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: D:\Program\Mozilla Firefox\components [2010-06-26 20:44:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: D:\Program\Mozilla Firefox\plugins [2010-07-17 12:46:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\[emailprotected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-02-02 19:40:16 | 000,000,000 | ---D | M] [2010-02-02 20:01:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Extensions [2010-07-18 08:04:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions [2010-07-06 11:30:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010-07-01 08:28:26 | 000,000,000 | ---D | M] (Fierr) -- 
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions\{2E481B23-66AC-313F-D6A8-A81DDDF26249} [2010-07-13 11:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-07-10 12:00:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-07-18 08:04:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010-02-04 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\pchnbazt.default\extensions\[emailprotected] [2010-02-02 20:15:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009-12-17 15:25:02 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Bluetooth Connection Assistant] File not found O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [SuperF4] C:\Program Files (x86)\SuperF4\SuperF4.exe (Stefan Sundin) O4 - HKCU..\Run: [uTorrent] D:\Program\uTorrent.exe (BitTorrent, Inc.) 
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.bat - Shortcut.LNK = D:\Program\SpeedFan\SpeedFan.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab (SysInfo Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. 
File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-02 15:06:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{06f357b0-8f76-11df-81ac-9bf85c9342bb}\Shell - "" = AutoRun O33 - MountPoints2\{06f357b0-8f76-11df-81ac-9bf85c9342bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{06f357b8-8f76-11df-81ac-9bf85c9342bb}\Shell - "" = AutoRun O33 - MountPoints2\{06f357b8-8f76-11df-81ac-9bf85c9342bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{06f357c8-8f76-11df-81ac-9bf85c9342bb}\Shell - "" = AutoRun O33 - MountPoints2\{06f357c8-8f76-11df-81ac-9bf85c9342bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{06f357ca-8f76-11df-81ac-9bf85c9342bb}\Shell - "" = AutoRun O33 - MountPoints2\{06f357ca-8f76-11df-81ac-9bf85c9342bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{8770aab6-101d-11df-81e3-90e6ba4e15d7}\Shell - "" = AutoRun O33 - MountPoints2\{8770aab6-101d-11df-81e3-90e6ba4e15d7}\Shell\AutoRun\command - "" = I:\setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{8770aab6-101d-11df-81e3-90e6ba4e15d7}\Shell\dinstall\command - "" = I:\Directx\dxsetup.exe -- File 
not found O33 - MountPoints2\{94c8b710-3752-11df-9827-90e6ba4e15d7}\Shell - "" = AutoRun O33 - MountPoints2\{94c8b710-3752-11df-9827-90e6ba4e15d7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{d5c7b7ba-8f77-11df-8a9f-e50ff7a46cb8}\Shell - "" = AutoRun O33 - MountPoints2\{d5c7b7ba-8f77-11df-8a9f-e50ff7a46cb8}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{d5c7b7bc-8f77-11df-8a9f-e50ff7a46cb8}\Shell - "" = AutoRun O33 - MountPoints2\{d5c7b7bc-8f77-11df-8a9f-e50ff7a46cb8}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrering.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (LEADER Technologies/Logitech) MsConfig:64bit - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: [b]LogMeIn Hamachi Ui[/b] - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [color=#A23BEC]< MD5 for: USBSTOR.SYS >[/color] [2009-07-14 02:06:34 | 
< End of report >

OTL Extras logfile created on: 2010-07-18 08:09:05 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 11,09 Gb Free Space | 22,71% Space Free | Partition Type: NTFS
Drive D: | 2122,07 Gb Total Space | 172,10 Gb Free Space | 59,06% Space Free | Partition Type: NTFS
Drive E: | 2127,19 Gb Total Space | 139,38 Gb Free Space | 30,97% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1597,26 Gb Total Space | 1277,47 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 06:33:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 06:33:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 06:33:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 08:03:41 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 08:03:42 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 13:36:12 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-17 13:36:12 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-18 02:02:02 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access 
Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 Error - 2010-07-18 02:02:07 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001 Description = The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058 < End of report > Hi, Please download Malwarebytes Anti-Malware from here. Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Edit:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2010-07-19 10:12:31
mbam-log-2010-07-19 (10-12-31).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 282702
Time elapsed: 21 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Nvm, I reinstalled the computer, but it's still kinda strange that my AMD_Chipset is ATI Catalyst Install Manager.
Hi, You reformatted the computer?
Yea, the problem was the ATI Catalyst Install Manager (and I thought it was the ATI graphic card drivers), but even though I reformatted the computer I got another error, but with some copy and rename I got it to work, well kinda; I don't know what will happen when the temp folder gets deleted... So I made a backup just in case I get the error again. But thanks for trying to help me
Ah, I see, you're welcome. |
|
4721. |
Solve : Is this guide for deleting a virus safe?? |
Answer» Something called anti malware doctor (FAKE virus scanner) installed itself on my machine. I found this guide here: |
|
4722. |
Solve : Multiple IRP Complete Requests? |
Answer» Good morning, |
|
4723. |
Solve : IE8 problems? |
Answer» This doesn't sound like a malware-produced problem. I would suggest that you start a thread in the appropriate software forum to get help for this. Don't forget to mention that you've been to this forum.
Thank you! |
|
4724. |
Solve : Need of Fake Antivirus Removal? |
Answer» Have you tried Network setup Wizard in Control Panel?
Just did, doesn't work still
I'm afraid I can't help you much in that aspect. Perhaps it would be better to start a new thread in the Microsoft Windows forum. I'm sure some there could help you. Please post back here to let me know if you were successful.
Save these instructions so you can have access to them while in Safe Mode.
Quote
Autoscan: completed 30 minutes ago (events: 7, objects: 1500, time: 01:06:59)
Ok. Now try to run the ESET scan again.
I don't have internet on that computer So...
Is your PC hard-wired to the router or wireless? You can try this. If it still doesn't work you should start a thread in the software forum.
Download the Fix IE Utility to your desktop.
Before running the utility, make sure that all your Internet Explorer windows are closed!
* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.
It's not a browser, it says "Trying to acquire ip address" or something like that
I've done everything I can and all the things the people in the "windows" section could. I released and renewed the address on my router and I got the internet to work. (I'm on the (hopefully not anymore) infected pc)
Quote
I released and renewed the address on my router and I got the internet to work.
Well, I'm really glad for you. Please try running ESET now. |
|
4725. |
Solve : New trojan variant in mails with "Look my CV. Thank you!"? |
Answer» Pay attention to the subject "Look my CV. Thank you! MyID NR4557547.", it is a new trojan variant in emails and Ax3soft intercepts it. |
|
4726. |
Solve : Infected/Hacked?? |
Answer» # version=7 |
|
4727. |
Solve : Multiple threats detected by AVG (jridea.exe & jxk.exe)? |
Answer» Sorry for the delay but my job has relocated me to another city/state 'again', so the desktop PC in question here will be arriving sometime in the near future. I'm presently down to one of my notebooks and hotel wi-fi. So I beg you for your patience and will post back to this thread when I get the sick patient back on the operating table. |
|
4728. |
Solve : My Windows XP is running really weird.? |
Answer» Active X is fine. I don't suggest the use of Registry tools because they are dangerous.
Hmmm, I always thought that a clean tidy registry made for a better running machine. Am I wrong??
Why I don't use registry cleaners
Registry Cleaners, not recommended
Wow, learn something new everyday. Thanks again, JIM
Evil: I've got a similar problem. Are you still there? |
|
4729. |
Solve : csrss.exe & smss.exe - Infected Machine?? |
Answer» I am trying to clean a business machine of a particularly nasty virus. The machine isn't actually mine - I was given it and told the owner had no idea what was wrong with it. Initial diagnosis showed the browser hadn't been hijacked, and no ads presented themselves. There were sporadic slowdowns, which were helped by a RAM upgrade, but a strange screen blanking at boot just prior to the initialisation of the VZAccess Manager (The machine is a laptop and uses 3G broadband as the primary connection. I am continuing to use this as I am not willing to risk my home network by connecting to it.) I updated the Manager, which resolved this problem. However, when I was looking at the Task manager I noticed a couple of programs I haven't seen before - csrss.exe and smss.exe. Further research proved that they were likely viruses. So I began my time consuming routine of running as many (free) antivirus utilities as I could. Below is the list of those I've done already. |
|
4730. |
Solve : OTL download link has been hacked - don't use it? |
Answer» I posted more info here: http://www.techspot.com/vb/topic150628.html
The host site (GeeksToGo) is back online and the download is safe again. |
|
4731. |
Solve : Hijackthis log...any advice?? |
Answer» Logfile of HijackThis v1.97.7 |
|
4732. |
Solve : Application cannot be executed...please help? |
Answer» Logfile of Trend Micro HijackThis v2.0.2
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt |
|
4733. |
Solve : Bios Virus? Keyboard missing keys, screen rotated - HELP? |
Answer» Hi Guys, |
|
4734. |
Solve : UACd.sys Virus and Vista services not starting? |
Answer» SUPERAntiSpyware |
|
4735. |
Solve : trojan horse blocked? |
Answer» Quote from: becca on September 16, 2010, 10:00:23 PM
bc_programmer: i just found this info which seems to explain the issue!
That definitely looks like it's the case, good sleuthing!
Quote from: becca on September 16, 2010, 09:37:50 PM
thanks for a real reply! (and btw, was i right in my responses to "mr. adware," as you called him? i may be a "rookie" as far as this stuff is concerned, but i'm no idiot. but if i was wrong, i would feel bad for getting annoyed with him.)
I'd say so. His replies barely touched on any of your questions, preferring instead to ramble about adware and how Symantec has malware that gets left on your PC, and providing the proof in the form of a mirror of an adware detection page from Symantec about Download Accelerator Plus (or something).
Quote
(i previously used symantec).
Quote
i am not having a problem with pop-up ads. i was getting the avast pop-up notifying me of a trojan horse. an issue which i have already explained has been cleared up.
It's hard to believe that none of the 42 products available on the online service don't have a generic signature able to detect the rogue code, which leaves just one explanation – they're fouled by that valid Symantec signature.
Quoted from --> http://news.softpedia.com/news/Infected-File-Signed-by-Symantec-Outlines-Industry-Problem-152120.shtml |
|
4736. |
Solve : once badly infected-not sure what now? |
Answer» Can you point me in a direction to help ensure a good clean drive to start with?? I have reinstalled once, and now days later here I am. And thank you for the advice about the virut... I keep thinking I can beat it. I'm giving up. But, is that software viewer able to help one successfully achieve eradication of Virut?
Most experts agree that you can't clean a Virut infection.
Quote
Can you point me in a direction to help ensure a good clean drive to start with??
If you do not know how to perform a fresh install, use this website -> www.windowsreinstall.com/
If you want to try a few more scans before reformatting, try these. There is one list in Reply#16. It's called Avira AntiVir rescue CD or Dr Web Live CD
* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Look through the list and let me know if anything was found infected.
Hi Dave, remember me?? I am in the process of a complete from-scratch reinstall. I wanted to run my user32.dll file through the Virus Total process to ensure I had a clean install. I have a validated Windows Installation disk. That is the only thing that has been on the hard drive except for the floppy disk that was used to enable the brand new hard drive for use. Virus Total indicates a trojan patched by the Hacker. The scan I did on the last user32.dll file was a Win32.Banker by eSafe. I need some understanding of what the contents of the url as raised below are and what direction I go now, since apparently either the infection is on my installation disk or...? Please!!! THIS IS THE URL THAT I COPIED AND PASTED IN NOTEPAD; Please look at part where it says that "Virus Total's website has changed and that they need new translations...
and do you want to help community"
THIS IS THE URL http://www.virustotal.com/file-scan/report.html?id=380797a1d74b8c5cc0972f61d546666eb509950be94256a1fbdbc06244bb564a-1284631124
One in 43 is nothing to worry about. Go ahead with your reformat and reinstall your OS. |
4737. |
Solve : malware experts please take look? |
Answer» ComboFix 10-07-27.05 - MIke 28/07/2010 21:13:13.1.2 - x86
See these links for more info on the situation:
Relevant link 1: http://forums.malwarebytes.org/index.php?showtopic=30989&view=findpost&p=157535
Relevant link 2: http://forums.malwarebytes.org/index.php?showtopic=30989&view=findpost&p=158735
I recommend to change your security program to something more trusted, but that option is up to you. If you would like help finding a new security program, please let me know.
======= Re-running ComboFix to remove infections:
Problem solved, backed up files etc, reinstalled Windows 7, there were underlying issues that are also solved, nothing to do with viruses. Put files and docs back on, couple of hours back to normal, job done. oftr
Ok. Thanks for letting me know |
|
4738. |
Solve : Infected laptop? |
Answer» Hey guys,
Folders Infected:
Did you let Malwarebytes fix this after copying the log? If not then please update and run it again letting MBAM fix/remove that file.
----------
You have Viewpoint installed. Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
More information:
* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware
It is suggested to remove the program now.
Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
----------
Right click HijackThis and choose Run as Administrator
Next select Do a system scan only
Place a check mark next to the following entries: (if there)
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.
----------
Go to Start > Run and type Notepad.exe then click OK.
Copy and paste the following text within the code box into the new Notepad file.
Code: [Select]
@ECHO OFF
sc stop "CVGWULIWOJ"
sc delete "CVGWULIWOJ"
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.
Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal. Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.
----------
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix
Aye on Malware, I had it clean all of the files that got flagged. Removed Viewpoint, and deleted both 'R1' and 'O2' with HijackThis. Notepad ran fine, then followed with ComboFix. Here's the log it generated. (Quick note, after running CF I couldn't open my internet explorer.
I kept getting a message that the registry key was marked for deletion. I restarted the laptop and it opened fine. Not sure if that was expected or not but thought I'd at least mention it.)
ComboFix 10-09-12.01 - Whitney 09/12/2010 14:32:48.2.2 - x86
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-22 2937528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744] "HostManager"="c:\program files\Common Files\AOL\1182913076\ee\AOLSoftware.exe" [2006-09-26 50736] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-13 517768] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] 
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-19 2065760] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128] c:\users\Whitney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;c:\users\Whitney\AppData\Local\Temp\nsb66F5.tmp\TfFRegNt.sys R3 CVGWULIWOJ;CVGWULIWOJ;c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 
[2010-03-18 753504] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136] S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2010-08-24 c:\windows\Tasks\HPCeeScheduleForWhitney.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23] 2010-09-12 c:\windows\Tasks\User_Feed_Synchronization-{B03C6987-6114-4E67-AC33-138A9BE347B4}.job - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = ;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-12 14:46 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
Quote from: Seer98 on September 12, 2010, 03:43:34 PM
(Quick note, after running CF I couldn't open my Internet Explorer. I kept getting a message that the registry key was marked for deletion. I restarted the laptop and it opened fine. Not sure if that was expected or not, but thought I'd at least mention it.)

No problem. As long as the process was completed on the next restart.

Scan Suspicious File(s)

Please go to VirusTotal.com (If more than one file needs to be scanned, they must be done separately and logs posted for each one.)

1. Copy the file path in the below Code box:
Code: [Select]c:\programdata\comsnap32.dll
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File. Your file will possibly be entered into a queue which normally takes less than a minute to clear. This will perform a scan across multiple different virus scanning engines. Important: Wait for all of the scanning engines to complete.
5. Copy and then paste the link to the results in the next reply.

Important! If you get a page that says 'File has already been analysed' in the results, then you will need to click the 'Show last report' button to get new scan results.

Also see if you can scan this file at VirusTotal and post the link to the results back here.
Code: [Select]c:\users\Whitney\AppData\Roaming\E337.tmp

----------

Please go to Start and copy/paste the following blue text in the search box, then press Enter:
C:\QooBox\Add-Remove Programs.txt
A text file should open. Please post the contents of that file in your next reply.

Link for results of comsnap32.dll:
http://www.virustotal.com/file-scan/report.html?id=f898e4f983b6e124e5c9079fa748edb83675fa1a3390edf0a792135be0019722-1284330475

----------

Tried to scan E337.tmp but VirusTotal wouldn't give me an analysis of it.
----------

QooBox info:

----------

Go to Add or Remove Programs (Programs and Features) and uninstall:

LiveUpdate Notice (Symantec Corporation)
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6

->> Do not uninstall Java(TM) 6 Update 21

----------

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]
KillAll::

Driver::
AhnRptTfFRegFNT
CVGWULIWOJ

File::
c:\programdata\comsnap32.dll
c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe
c:\users\Whitney\AppData\Roaming\E337.tmp
c:\users\Whitney\AppData\Roaming\E336.tmp
c:\users\Whitney\AppData\Roaming\5022.tmp
c:\users\Whitney\AppData\Roaming\2043.tmp
c:\users\Whitney\AppData\Roaming\1F39.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running.
That may cause your system to freeze.

----------

Also let me know how the computer is running now.

ComboFix Log:

ComboFix 10-09-12.03 - Whitney 09/13/2010 3:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1109 [GMT -7:00]
Running from: c:\users\Whitney\Desktop\ComboFix.exe
Command switches used :: c:\users\Whitney\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\comsnap32.dll"
"c:\users\Whitney\AppData\Local\Temp\CVGWULIWOJ.exe"
"c:\users\Whitney\AppData\Roaming\1F39.tmp"
"c:\users\Whitney\AppData\Roaming\2043.tmp"
"c:\users\Whitney\AppData\Roaming\5022.tmp"
"c:\users\Whitney\AppData\Roaming\E336.tmp"
"c:\users\Whitney\AppData\Roaming\E337.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\comsnap32.dll
c:\users\Whitney\AppData\Roaming\1F39.tmp
c:\users\Whitney\AppData\Roaming\2043.tmp
c:\users\Whitney\AppData\Roaming\5022.tmp
c:\users\Whitney\AppData\Roaming\E336.tmp
c:\users\Whitney\AppData\Roaming\E337.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AHNRPTTFFREGFNT
-------\Service_AhnRptTfFRegFNT
-------\Service_CVGWULIWOJ
Comps running a little faster, and the net doesn't seem to be thinking about every little thing before loading. By the by, sorry for the late reply. Went out with some friends then was too tired when I got home to post.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a SPACE between Combofix and /Uninstall
* Then hit Enter
* Let ComboFix finish uninstalling.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

(Sorry for the delay in reply. Got called in for doubleshifts at work) After running ESET, it gave me a "No Threats Found" message and closed without giving me a log.

If there are no more malware issues we can finish up now.

Use the Secunia Software Inspector to check for out of date software.
* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

You can also download and use the Secunia Personal Software Inspector (PSI) which is FREE for Home Users. This will allow Secunia to run in real time and alert you to potential security threats from outdated software installed on your computer.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
4739. |
Solve : Sony pc problem how much will it cost to fix problem? |
Answer» Hi, I just downloaded a program for my droid and I ran the program in my pc and it shut down completely and won't turn on anymore or even charge. Can anyone tell me where I can fix it please! Thank you! |
|
4740. |
Solve : how can i get rid of RECYCLER and $RECYCLER? |
Answer» hi |
|
4741. |
Solve : IE pop-ups? |
Answer» Hey folks, |
|
4742. |
Solve : Rogue/Trojan? |
Answer» That looks good. If there are no other issues, let's do some clean-up.

Does this mean I should disable the Windows XP firewall? If so, I don't know how to do that.

If you're using a third-party firewall, Windows firewall should be disabled. Go to the Control Panel and click on Windows Firewall and turn it off.

Great, then once again thanks for helping me out. |
|
4743. |
Solve : read this before requesting...? |
Answer» I followed all instructions on this feed, have AVG free 8.5, comodo firewall, and here are the logs, please let me know if you see anything else that I need to do, things seem to be working OK, just a little slower maybe. |
|
4744. |
Solve : Help reqd with DownloaderTiny.BB infection please? |
Answer» Quote: With regards the new scans, do I have to disable the Resident shields again?
No. You don't have to disable them. Just be sure that they are not scanning when you run GMER.

Quote: Is the PC (when connected to the net) sending spam or doing anything else which will cause my ISP an issue which could lead to them terminating the service?
There is no evidence that is happening.

Quote: but I was very disheartened when the washing powder ad started again.
I noticed that you have TVU Player on your computer. Is it possible that is what's causing this? The next time the ad starts again, go into Task Manager (CTRL + ALT + DELETE) and check under processes to see if it's running.

Hi Dave, Please see the Security Check log as requested. Should I be worried re the: (Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?))?

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 8.5
OneCare Advisor (Windows Live Toolbar)
EasyOffice+PDF+AntiVirus
a-squared free 1.5.1
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Malwarebytes' Anti-Malware
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check: Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
``````````End of Log````````````

Quote: Should I be worried re the:
No. It appears that you're running more than one Anti-Virus program on your computer which is a no-no. AVG Free 8.5 which is outdated and EasyOffice+PDF+AntiVirus which appears to be updated. One will have to be disabled.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version
If there are any other version(s) installed then update now.

Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment.
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to CLOSE ALL open web browsers before starting the installation.

Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > ADVANCED > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and REBOOT your computer.

==================================

Please download the newest version of Adobe Acrobat Reader from Adobe.com
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7). Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them. Once old versions are gone, please install the newest version.

==============================

After doing the above, please run GMER as described in Reply #13 and post the logs.

Hi Dave, Further to your last reply please see GMER log taken yesterday: GMER states it has detected rootkit activity and lists process 1968/3980/4052 in red, for whatever reason. With regards the immensely irritating audio adverts for washing powder and toothpaste which ran constantly, I have uninstalled flash player and flash ActiveX control, which has cured the problem, although not the root cause of course. The only audio interference now is irregular clicking. The full page pop-ups have also stopped since removing the flash player. Curiously I am still able to use YouTube so I'm not sure what the point of the Flash player was/is. I have decided not to reinstall Adobe Reader. Would I be able to uninstall IE8 and still be able to access Chrome? I have a feeling part of the issue relates to the Internet Explorer, so I'm wondering if I could uninstall then perhaps re-install at a later date. The GMER scan was running for four hours so I hope it's what you want, if not please advise. Thanks in anticipation.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-31 12:10:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Phil\LOCALS~1\Temp\agtdqpod.sys
---- Processes - GMER 1.0.15 ----
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1968
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 3980
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 4052
Quote: Would I be able to uninstall IE8 and still be able to access Chrome?
I wouldn't think so. Perhaps you could ask on our software forum.

Quote: have a feeling part of the issue relates to the Internet Explorer, so I'm wondering if I could uninstall then perhaps re-install at a later date.
I really don't think you can uninstall IE but you can try. Control Panel, Add/Remove Programs, Add/Remove Windows components.

Is that the whole GMER log?

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip
* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal. |
|
4745. |
Solve : i need help asap? |
Answer» i have a friend i can slave my harddrive to but he thinks my harddrive will infect his. i told him to slave it and format it for me .. As long as he doesn't open it, he should be fine? and thanks, i'll go check and look for a cord to do the slaving

Quote from: icemeetsfire on September 11, 2010, 08:53:20 PM
i have a friend i can slave my harddrive to but he thinks my harddrive will infect his. i told him to slave it and format it for me .. As long as he doesn't open it, he should be fine? and thanks, i'll go check and look for a cord to do the slaving

Wha? You're trying to install his infected hard drive with your hard drive?... I assume the cord you are looking for is a SATA cable? As for infecting a computer, I don't think it will infect your computer if you put the infected drive as secondary/slave only, because the virus is programmed to run as the computer is loading its stuff, but since the virus is on a drive that does not run any processes or applications it's just considered a "storage/second drive". Are you putting it as secondary because of backing up and retrieving files like documents/pictures etc? If not you can just format the computer easily by putting in your installation CD (will need to set it up to boot from CD first in the BIOS), then install a new copy of Windows.. Cheap and easy way to do it is to delete your partition, then install on a blank drive. It will ask you to format and just hit yes. If you have a recovery CD it's even better because it will wipe and install everything back to factory with bloatware instead. How badly infected is it? Gonna read your post.

its really bad.... cd rom drive wont read the cd or boot up. it wont do the normal beep after u boot it up and it hangs on a black screen with a flashing underline

Quote from: Windows98 on September 11, 2010, 09:30:04 PM
How badly infected is it? Gonna read your post.

Always best to read the post BEFORE making a comment!! me thinks. To icemeetsfire, just do what SuperDave suggested. He's a virus / malware specialist and would not tell you to do something that would damage somebody else's machine

Quote: i have a friend i can slave my harddrive to but he thinks my harddrive will infect his. i told him to slave it and format it for me .. As long as he doesn't open it, he should be fine? and thanks, i'll go check and look for a cord to do the slaving

As long as he stays away from the system files, his computer should be safe. As I mentioned before, as soon as your harddrive is slaved to his computer, he should first run a scan on the harddrive using his up-to-date Anti-Virus program. Then he can also use MRT which should already be installed on his computer. (Click Start, Run and type in mrt.exe) Next he should download SAS and MBAM and run a scan with that. If these scans find any malware, perhaps you could reinstall the harddrive in your computer and see if it will boot. The whole reason why we're doing this is to clean out whatever malware could be stopping your computer from booting.

I haven't done anything you told me yet... I will as soon as i get the stuff to do it |
|
4746. |
Solve : Unsure if this is a virus or not? |
Answer» Hi Dave, but I am still having the iexplore.com running in the background,

Do you mean that IE is opening by itself?

SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
extracted to. Open the text file and copy/paste the log here.

Hi Dave, Yes the problem continues. Let me explain again because I don't think I explained well the first time. Internet Explorer seems to be running by itself. I don't see it on the taskbar, but I hear the telltale "click" sound of a window opening every few minutes. Also, every 5 seconds whatever I'm working on becomes de-selected -- as if the computer is returning by itself to Explorer. The task manager shows Explorer to be running. I click "end process" and it just comes back a few seconds later. Here's the latest log results:

SysProt AntiRootkit v1.0.1.0 by swatkat

No Hidden Processes found

Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: A7F05000
Module End: A7F1D000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA64C000
Module End: BA64E000
Hidden: Yes

No SSDT Hooks found

No Kernel Hooks found

No hidden files/folders found

Hi Dave, I started hunting through my program files to see if anything was suspicious. I noticed that there was still a folder named MSN. There are two subfolders there, Install and OOBE. Under OOBE is a file called obepopc.dll. The description reads "MSN IA Poptimization." Now, I didn't delete this file/folder just in case a straight delete is the wrong thing to do. Maybe it requires some kind of "cleaner" delete. But does this file or folder make sense? By the way, I live in Thailand and came back to North America two weeks ago. This is just when the problem started. I'll leave for Thailand tomorrow. Do you feel that maybe the virus could be caused by either the router I'm using here, or perhaps has been lying dormant for a while? For the life of me, I can't think of anything I've downloaded that could have caused this problem. Thanks, GDT

From all the scans we've done, it would appear that your computer is clean. If your computer was set up in Thailand and you're now using it in North America, that could be the cause of all these problems. As for the MSN folder, it is legit, as are the files inside it.
Quote: Obepopc.dll is a 32-bit Dynamic Linked Library of code components for a graphics UI style application.
Please let me know what happens when you're back home in Asia.

Hi Dave, My computer was purchased in the US and has traveled around the world through about 5 countries. I've used it everywhere. It's about 3 years old. There hadn't been any problems in Thailand (or any other country) but I just thought that maybe there had been a "sleeper" virus and that it was activated when I came to NA. I am back in Thailand and the problem remains. IE running, the clicking sound, and the deselection of windows (which means I can't watch any movie full-screen for more than 5 seconds as it deselects). Typing this email to you just popped up another ad, although now the ad is in Thai! I noticed that I'm running IE 6.0 which is old. That can't be the problem, but maybe it's helping the virus? Outside of that, the only new downloads in the days running up to the virus were GetIt downloader (have it on another computer, no problems) and two programs to change PDF files to MOBI. Plus I bought a Kindle. Any other ideas? I'd really rather not format this thing if I don't have to. GDT

Quote: I noticed that I'm running IE 6.0 which is old. That can't be the problem, but maybe it's helping the virus?
Any un-updated program is more vulnerable to infections. Have you tried IE 8? Do you have an XP CD? If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Hi Dave, I have installed the new version of IE and ran the Windows CD. The problem remains. -Dave

Hi Dave, Do you remember how GMER crashed the computer? Well I tried running it again and yes, it crashed again. However just before doing so the blue screen told me that it had run into problems with a file called pxtdapow.sys. Does that mean anything? GDT

GMER is a difficult program to run. It crashed my computer also. I'm going to check with someone about this problem

Hi Dave, I was able to get the problem solved through another person I think. Turns out it was a rootkit virus called "Whistler". I did an internet search and seems a lot of people have this virus right now. MBRCheck found it. I then ran ComboFix to cure it. I'm not sure why ComboFix didn't work the first time when I tried it with you. I swear I did everything you said! Oh, that said it seemed to be a newer version. But oh well, it's fixed now. Thanks very much for all your help. GDT

Quote: Turns out it was a rootkit virus called "Whistler". I did an internet search and seems a lot of people have this virus right now. MBRCheck found it. I then ran ComboFix to cure it. I'm not sure why ComboFix didn't work the first time when I tried it with you. I swear I did everything you said! Oh, that said it seemed to be a newer version.
ComboFix will detect Whistler bootkit but it won't repair it. Please run this to check if it's still there.
Download the MBR Rootkit Detector to your desktop.
* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.
Edited. |
|
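What an MBR check of the kind the helper asks for above actually does, as an added example with constructed data (not code from the thread, from mbr.exe or from MBRCheck): it validates the 0x55AA boot signature, hashes the bootstrap code and compares it with a set of known-good hashes, and sanity-checks the partition table. The clean image, its hash baseline and the tampered image are all built in the script; a real tool would compare against a database of vendor/OS MBR hashes.

```python
"""Baseline-style MBR check (added example, not from the thread or from any tool it names)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code precedes the 4-byte disk signature at offset 440
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_hash(mbr):
    """SHA-256 of the bootstrap code only; the partition table legitimately differs per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, known_good):
    """Return a list of findings; an empty list means the image matched the baseline set."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) not in known_good:
        findings.append("boot code does not match any known-good hash")
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    return findings


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed sample data: a stand-in bootstrap stub and one NTFS partition starting at LBA 63.
CLEAN_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 24
PARTITIONS = [(True, 0x07, 63, 2_097_152)]
CLEAN_MBR = build_mbr(CLEAN_CODE, PARTITIONS)
# A real tool carries a database of known-good hashes; here the set holds only the clean sample.
KNOWN_GOOD = {boot_code_hash(CLEAN_MBR)}
# Same partition table, first bytes of boot code replaced: the case a baseline check flags.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_CODE[2:], PARTITIONS)
# Boot signature zeroed: a malformed image.
NO_SIG_MBR = CLEAN_MBR[:510] + b"\x00\x00"

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR),
                        ("no-signature", NO_SIG_MBR)):
        print(name, check_mbr(image, KNOWN_GOOD) or "OK")
```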
4747. |
Solve : Desktop does not appear - asking for a password? |
Answer» My daughter's Gateway 700X, running XP, will not finish startup and display the desktop. Instead, she gets a running list of things (commands?) then it asks for a password. We think this is most likely caused by her daughter clicking on something in MySpace. She has all of the disks that came with the PC, all systems update packages have been installed. She runs Norton 2010 but does not have a disk - downloaded from internet. Have heard in last few days several others have same problem & they think it is from MySpace. |
|
4748. |
Solve : Problem With Trojan-aax5? |
Answer» Quote: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Why do you want to edit those keys? Messing around in the registry is a very dangerous practice.

Cause those keys' permissions were screwed up. They were locked because the permissions that were supposed to be there were removed. I checked this against my Windows XP Home machine and they had permissions that in this laptop machine had been removed for whatever the reason. They had to be fixed cause they were preventing the Acrobat Reader from updating because they were locked and the reason they were locked was because of the missing permissions so I gave those keys the same exact permissions with the exact same settings of my Windows XP Home machine. When I did that the keys went back to the way they were supposed to be and they behave and look as they behaved and looked in my XP Home computer. When I put the permissions back the keys changed cause they only had one icon that gave me an error message when I tried to access it and now they show all the icons that are supposed to be there just like in my machine and they can be accessed just like in my machine. They had to be fixed cause if not the Acrobat couldn't update and that would leave the vulnerabilities in the Acrobat Reader without counting the fact that that abnormal behavior in those keys could potentially cause trouble with other software other than Acrobat Reader. After fixing the keys the Acrobat Reader updated normally and did not give me the two locked keys errors that it gave me before in the previous update attempt. I fixed them using information on other places on the Internet that said how to fix that specific problem so I tried it with the first key of those three knowing that all that I had to do to put it back the way it was was to remove the permissions I gave the first key, which is very easy to do.
After giving that key the permissions it started to look and behave normally so I proceeded to do the same to the other two locked keys which also had the missing permissions as the other key. If this went wrong all I had to do to put it back the way it was before was to remove the permissions I gave them. I gave the same permissions that those keys had in my PC with the exception of course that one of the permission names was different in this computer (the user permission) cause that is supposed to be like that because of the different user names. It is not that I'm going over the registry and changing and deleting keys like crazy because I feel like so cause I never do that. What I did was an informed decision and it's something I did carefully and it fixed the existing problem, not something random, and it is not either that I take every piece of information that I see on the web as true cause I know that that is far from reality. I always use judgment when doing so and I weigh my options and doing that I have been able to fix countless computer problems in my computers and those of friends. I'm not a newbie with PCs, I have been working with PCs since DOS 2.10 and boy have I fixed things in people's computers, ufff! And back there it was more difficult to install hardware cause there was no plug and play and it had to be set up manually, now software setup was relatively simple cause software and the OS were way simpler back then. That I make mistakes sometimes, yes, but I learn from them and I learn rather quickly.
For example you told me that it wasn't a good idea to use registry cleaners so I went to read about the subject and I made the decision not to use them anymore cause from what the info says they are not worthy, but I was using Eusing registry cleaner for some time cause it never gave me a single problem with my PCs and I used it in several and I never had a problem with it cause if I had noticed that it gave me problems then I would have stopped using it a long time ago, but my PCs were running fine and have been running fine for quite a while. Now I read more info on the subject and made the decision not to use it cause it seems to me that it really is not worth it. So what is the worst that can happen if I make too big a mistake with a PC in terms of software, to reinstall the OS and the applications? That is what I have to do and I installed operating systems enough times with all the PCs I have and those of my friends so I know my way around that so it doesn't bother me, but the truth is that I seldom have to do that cause I know my way around PCs and I'm not afraid to work and experiment with them and I know how to do a lot of things with them. Like I said I seldom have to reinstall Windows or an OS, especially as of lately, cause with the years I have learned to give PCs good maintenance and I always make periodic backups of my data files to DVDs to prevent problems just in case. Now here and there I do run into a problem with a PC that requires consulting someone with more understanding of them like you for example and of course the result of solving every problem is that you learn more and become better and better at solving them. Now this PC was given to me in a very bad state and I was able to solve most of its problems and you solved some of the last ones but see that it took about two weeks of diagnostics and messing with it to fix it and put it back to normal operation.
In my case with my PCs I would have taken a completely different approach if they were that badly screwed up, I would have formatted the disk and reinstalled Windows. Why? Cause I would have had the OS and the applications up and running and fully configured in two days, three at worst (seldom the case) and I mean with everything like custom cursors, wallpapers, Flash, Shockwave, Silverlight, Media Player, all the Windows updates, fonts, plugins, scripts, etc. etc. etc. Do you see? Only two days instead of a week and a half or two to fix the mess that this PC was, but it just happens that my PCs do not get into such a bad shape. This one had over 60 different viruses and I don't mean the different copies of a single virus that an antivirus application normally finds cause it can find sometimes hundreds of copies of a single virus, I mean over 60 different viruses among a very fragmented disk, disk errors etc. etc. etc. and it's not uncommon for me to find PCs brought to me by other people in such a state, though this one in particular has been one of the worst. Unfortunately that is how the virus problem has grown nowadays and people's lack of understanding of proper PC maintenance knowledge aggravates the problem very badly. So I have to take decisions to fix a PC and try to find the best info possible and then proceed to do the best I can cause I can't definitely spend a month fixing a PC, in the worst case scenario I have to reinstall it, in this case if it had come to that I would have been forced to borrow a USB external CD-ROM drive but like I said I seldom if ever have to do that. In this case I was able to bring it back to work normally with your help but normally I would recommend reinstall not because of not knowing what to do to fix them but because in the state in which I find the computers that are brought to me these days it is really much faster just to reinstall everything, way, way faster.
And then people many times do not make backups of their user generated files thinking that hard drives should last forever. Boy have I lost hard drives over the years, they are working fine and then the next moment they go crash even with good care (I try not to bump the desk where a chassis is or to bump into their cases when they are on the floor and I handle them very carefully when installing them) but people seem to believe out there that HDs are impervious to failure, ufff! And then I have to try to save their data files and in a way that they do not infect the media that they are transferred to and then check that media afterwards for possible infections. I have found it so common to encounter viruses in USB storage media and other media that belonged to other people that I recommend to most people to disable the autorun feature completely from their PCs (I will do that in this PC too). Sorry for the long post but I put this here with the hope that other people out there reading this learn from it to do proper PC maintenance and data backup. That is a must so they don't find themselves in a precarious position with their precious data and some of that stuff like cherished photos and videos are priceless to them. We just do the best we can to fix these messes.

Secunia was run and it found the Flashplayer needed an update. When I tried to run the Flashplayer update from Internet Explorer it gave me an error that it could not be installed. I then proceeded with the manual installation and it went OK. I don't know where the error came from. Anyway I think that the system files in this computer should be checked but it doesn't have a CD-ROM so I'll see if later on I'll be able to do that. Anyway Secunia also told me that Firefox was version 3.6.8 and that it needed to update to the newer 3.6.9 version but I opened Firefox and used the check for updates feature and it told me that it was the latest.
I checked the About screen of Firefox and it told me that it was the latest 3.6.9 version so I guess that Secunia failed for one reason or the other to detect the correct version. The other application that Secunia told me needed an update was IE 8 but I went to the Windows update page and ran it and it didn't list any necessary updates, only a few optional software ones, and I had installed all the corresponding ones and that was it, but there was no other update for IE 8. So that is about it. The only other problem that I keep having is that the audio in this PC sounds very weird. The Realtek onboard sound sounds stuttering all the time. It sounds like it's vibrating very fast all the time, it sounds intermittent very fast all the time so I'm going to reinstall the audio drivers to the latest version to see if that corrects the problem but other than that the computer is running pretty normal and stable.

You can check the files without the OS disk. Just run the SFC and if there are any files corrupted, it will ask for the disk. If not, you'll know the files are ok. Do you have an XP CD? If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

I did give it a system files check and luckily it didn't have any errors so that's great. So I think we are good with that. Also I downloaded the audio driver and reinstalled it and the PC is sounding OK again. It seems that there was some corruption of one or more of the audio driver files, perhaps from one of those corrected disk errors or perhaps for another reason, but that is fixed.
It is possible also that some of the files from the previous version of the Flash player had been affected too but that has been corrected already. The problem could have been from the Flash player files cause the updating error happened with both IE8 and Firefox. It seems to be OK now. I already deleted the previous restore points and created a new one apart from the one automatically created by the system. WOT has been installed. Spyware Blaster was installed and configured. I think that we are good. I think that this is a wrap. What do you think? I think that we are done with this PC.

Oh and I forgot to mention that WOT was installed on both browsers IE8 and Firefox and not just one and that the account now has a password which it didn't have before. Also I went into safe mode and gave the default Administrator account a password cause it didn't have one. I know that this is a common mistake that too many people make. This account wasn't showing up when I had gone into safe mode before and now it has reappeared. So as you can see many things that were supposed to be in place in this PC but weren't are now working normally and that includes the Administrator account not showing, putting a password on it, putting a password on the user account that this PC had, the permissions for those keys that I mentioned, the fixing of the audio drivers, the sfc /scannow command now working properly, the Windows updates messages now working properly, the installation of the recovery console, etc. Wow this PC really was way out of proper shape! No wonder it got into so much trouble. I hope that all this helps to prevent this from happening again.

Quote: Spyware Blaster was installed and configured.
Don't forget to advise the owners to update Spyware Blaster every so often. Some users are not very aware about the dangers to their computers by going into dangerous sites. The secret is a layered approach to protection, like the shingles on a roof.
A good, up-to-date AV, a third-party firewall and some good antimalware programs like Windows Defender and SpywareBlaster. I've been using Threatfire ever since Evilfantasy recommended it.

That's OK. I also disabled all the Autorun features as I said as an extra precaution. It was a nice thing at the beginning but now it just causes too many problems so that is that. We are done with this. Thank you very much for your help.

Resolved. Topic locked. |
|
4749. |
Solve : Antivir Solution Pro Removal?? Help!? |
Answer» Here is the OTL log:
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I've done all the updating and removing. But for the online scan, there was no log button. I just had the option to press "finish". Then it just recommended AV programs. It didn't find any threats anyway. Do you need me to run it again or something?

quote from superdave; A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
did you look in your files etc

Yep. Was looking in the wrong place.

[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2f59ad21ef48884ea88a0348469b1c0c
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-12 10:52:58
# local_time=2010-08-12 11:52:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 146374 146374 0 0
# compatibility_mode=768 16777175 100 0 4478066 4478066 0 0
# compatibility_mode=5893 16776573 100 94 244225 34076736 0 0
# compatibility_mode=8192 67108863 100 0 178 178 0 0
# scanned=950
# found=0
# cleaned=0
# scan_time=33

[emailprotected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2f59ad21ef48884ea88a0348469b1c0c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-12 01:37:51
# local_time=2010-08-12 02:37:51 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 146481 146481 0 0
# compatibility_mode=768 16777175 100 0 4478173 4478173 0 0
# compatibility_mode=5893 16776573 100 94 244332 34076843 0 0
# compatibility_mode=8192 67108863 100 0 285 285 0 0
# scanned=200550
# found=0
# cleaned=0
# scan_time=9818

Well, that looks good. If there are no other issues, it's time for some cleanup. To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
****************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*********************************************
Some of these may not run on Windows 7
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

SuperDave, thank you so much. You've been great. I just have a few questions:
1. What programs should have been removed, because some of them weren't removed. Should all of them have been?
2. Also, if I use Spybot Search and Destroy, do I disable Windows Defender?
Stupid questions, I know, but I just want to make sure. Thanks again, SuperDave.

Quote: What programs should have been removed, because some of them weren't removed. Should all of them have been?
No. OTC will only remove certain ones. Uninstall or delete the ones that are left.
Quote: 2. Also, if I use Spybot Search and Destroy, do I disable Windows Defender?
I have Spybot and Windows Defender running on my computer with no problems.

Ok. Thanks once more. You've been such a great help. |
|
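The two ESET Online Scanner logs pasted in the thread above illustrate why the helper reads the header fields before trusting a "found=0": the first run ends with end=stopped after 950 objects, the second with end=finished after 200550. The parser below is an added example (not code from the thread or from ESET) that splits such pasted text into runs and grades each one; the embedded sample is a trimmed copy of the thread's own two logs.

```python
"""Parse and assess ESET Online Scanner '# key=value' logs (added example, not from the thread or from ESET)."""
import re

# Constructed sample: the two logs pasted in this thread, trimmed to the fields used here.
LOG_TEXT = """\
# version=7
# OnlineScanner.ocx=1.0.0.6211
# end=stopped
# remove_checked=true
# utc_time=2010-08-12 10:52:58
# compatibility_mode=512 16777215 100 0 146374 146374 0 0
# compatibility_mode=768 16777175 100 0 4478066 4478066 0 0
# scanned=950
# found=0
# cleaned=0
# scan_time=33
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScanner.ocx=1.0.0.6211
# end=finished
# remove_checked=false
# utc_time=2010-08-12 01:37:51
# scanned=200550
# found=0
# cleaned=0
# scan_time=9818
"""

FIELD_RE = re.compile(r"#\s*([\w.]+)=(.*)")


def parse_eset_logs(text):
    """Split pasted text into one dict per scan run.

    Each '# version=' line starts a new run; other '# key=value' lines become fields (a key that
    repeats, such as compatibility_mode, is kept as a list); free-form lines such as the
    installer/updater messages are stored under 'notes' of the run they precede.
    """
    runs, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD_RE.fullmatch(line)
        if m is None:
            pending.append(line)
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "version" or not runs:
            runs.append({"notes": pending})
            pending = []
        run = runs[-1]
        if key in run:
            existing = run[key] if isinstance(run[key], list) else [run[key]]
            run[key] = existing + [value]
        else:
            run[key] = value
    if pending and runs:
        runs[-1]["notes"].extend(pending)
    return runs


def assess_run(run):
    """Return (verdict, detail) for one run; only end=finished counts as a completed scan."""
    end = run.get("end", "unknown")
    scanned = int(run.get("scanned", 0))
    found = int(run.get("found", 0))
    cleaned = int(run.get("cleaned", 0))
    if end != "finished":
        return "incomplete", f"scan {end} after {scanned} objects; not evidence of a clean system"
    if found == 0:
        detail = f"{scanned} objects scanned, nothing found"
        if any(n.startswith("esets_scanner_update returned -") for n in run["notes"]):
            detail += "; updater reported a negative return code, confirm the detection database updated"
        return "clean", detail
    if cleaned < found:
        return "infected", (f"{found} found, {cleaned} cleaned, {found - cleaned} left in place "
                            f"(remove_checked={run.get('remove_checked')})")
    return "cleaned", f"{found} found and cleaned"


if __name__ == "__main__":
    for i, run in enumerate(parse_eset_logs(LOG_TEXT), 1):
        verdict, detail = assess_run(run)
        print(f"run {i} ({run.get('utc_time', '?')}): {verdict} - {detail}")
```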
4750. |
Solve : Need to remove Trojan:Win32/FakeScanti? |
Answer» Scanned again over 2 1/2 hrs, when I went to save it, wouldn't let me name it
|
|