
worm blaster 32?


  • This topic is locked

#1
keers

  • Member
  • 23 posts
Hi everyone. Listen, I am not even close to being computer literate in any way so if I repeat myself or others, my apologies. About a week ago my partner's computer got a fake virus warning and she clicked on the scan now tab and the result was a worm blaster32 virus. I have tried anti malware, Norton, Symantec, AVG, and nothing seems to work. The laptop originally could connect to the internet, however now it cannot, and when I run a scan with Symantec or anti malware the computer turns itself off halfway through so I cannot perform a full scan. I came across aswMBR but am not sure how to use it or if it will just make things worse.
Hope someone can help me and sorry for poor info.
Thanks, Keers.
  • 0



#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi,

I apologise for the delay, the forum is very busy.

If you still require assistance merely acknowledge this post, thank you.
  • 0

#3
keers

  • Topic Starter
  • Member
  • 23 posts
yes please. struggling with this problem. thinking of just taking it to PC world but would rather not. thanks for your reply.
  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

yes please. struggling with this problem.

By all means...

thinking of just taking it to PC world but would rather not.

That is an option and at your own discretion, however let's see what I can do to remedy the situation, shall we?

thanks for your reply.

You're welcome!

Next:

This pertains to your partner's machine... Please take note of the below:

  • I will start working on the Malware issues, this may or may not solve other issues you have with the machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up your partner's personal files and folders before you start.

Next:

Now before we go any further I need to know which Operating System is on your partner's machine and on the one you are using to post with etc. Reason being so I am better able to provide the correct form of advice to begin the actual Malware Removal process.

If unsure which is on either machine you can check as follows...

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste (or type manually) in:

winver
Make a note of the information that appears in About Windows and post back the relevant information in your next reply, thank you.
  • 0

#5
keers

  • Topic Starter
  • Member
  • 23 posts
hey dakeyras thanks for your time and effort. the system i am using to post these threads is windows 7 home premium. my partner's computer is windows vista home premium version 6.0 (build 6002 service pack 2). partner's computer is a compaq presario cq60 notebook pc with 32 bit system and this computer is a dell inspiron 1545 64 bit build 7601 service pack 1. i am a complete rookie here so little patience chief. i understand that there is the possibility of things going pear shaped and accept those risks. whatever you need to do work away and let me know what i can do.
again thanks.
keers.
  • 0

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

hey dakeyras thanks for your time and effort.

You're welcome! Thanks for the clarification, let's proceed as follows shall we...

i am a complete rookie here so little patience chief.

Not a problem, we only have a few tasks to complete below for now so I can try and ascertain what exactly is the problem with your partner's machine.

Since at present your partner's machine does not have internet access we will need to transfer across one tool at first (we may transfer others at a later date if the need arises), to do so you will require a USB Drive.

However first it would be prudent to vaccinate the USB drive so no infections are spread to your machine.

Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the Desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected.
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Attach/insert your USB Drive in your machine...it will be automatically vaccinated.
  • Close Panda USB Vaccine via right-clicking on the Panda USB Vaccine system tray icon and selecting Exit.
Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Next:

Now please download OTL and save it to your Desktop and then transfer it to the USB Drive and/or save it directly to the USB Drive.

Alternate downloads are here and here.

Note: The alternate downloads for OTL can be tried on your partner's machine, if the first will not run on it.

Now safely remove the USB Drive from your machine via right-clicking on the Safely Remove Hardware and Eject Media system tray icon and then select Eject USB Mass Storage Device.

At the prompt you may now physically remove the USB Drive from your machine.

Next:

The below pertains to your partner's machine...

Boot it up (start) if not running, attach/insert your USB Drive and transfer OTL to the Desktop.

Now run OTL as follows...

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Note: You will need to transfer both of the OTL logs to your USB Drive, safely remove it from your partner's machine, reconnect to yours and then use your machine to post the logs for my review etc.

When you have completed the above, please post back the following in the order asked for:

  • How is your partner's machine performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0
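
The post above asks for OTL.txt to be posted for review. As an added illustration (not part of the thread and not OTL's own code), this is one way a reviewer could pre-sort such a log before reading it by hand; the `triage` function, its three category names and the heuristics are assumptions of this sketch, and the sample lines only mimic the layout OTL writes.

```python
import ntpath
import re

# Sample input for this sketch: a handful of lines in the layout OTL writes
# to OTL.txt (registry "O" entries and file listings). Not a full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O32 - AutoRun File - [2008/08/04 18:37:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/27 18:53:22 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
[2011/09/14 20:32:45 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/08/30 10:05:00 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/25 01:38:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/09/27 19:00:12 | 000,000,000 | ---D | C] -- C:\Users\Ase\Desktop\otl
"""

# File listing: [date time | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# O32 entry: an autorun-style file found in the root of a drive.
AUTORUN_RE = re.compile(
    r"^O32 - AutoRun File - \[.*?\] \(.*?\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$"
)
# Registry entry whose handler (CLSID or file) no longer exists.
ORPHAN_RE = re.compile(r"(No CLSID value found|File not found)\.?$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}


def triage(log_text, system_root=r"C:\Windows"):
    """Return (category, detail) pairs for lines a reviewer should read first.

    Categories (names chosen for this sketch):
      orphaned-registry-entry       handler CLSID or file is missing
      autorun-file                  autorun file on a non-system drive
      non-ms-binary-in-system-root  executable under the Windows directory
                                    whose company field is empty or not Microsoft
    """
    findings = []
    sys_drive = ntpath.splitdrive(system_root)[0].lower()
    root_prefix = system_root.lower() + "\\"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # C:\autoexec.bat on the system drive is routine; other drives
            # (USB sticks, cards) are where autorun files matter.
            if ntpath.splitdrive(m["path"])[0].lower() != sys_drive:
                findings.append(("autorun-file", m["path"]))
            continue
        if ORPHAN_RE.search(line):
            guid = GUID_RE.search(line)
            findings.append(("orphaned-registry-entry", guid.group(0) if guid else line))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m["attrs"]:  # skip directories
            path = m["path"]
            ext = ntpath.splitext(path)[1].lower()
            company = (m["company"] or "").lower()
            if (path.lower().startswith(root_prefix)
                    and ext in EXECUTABLE_EXT
                    and "microsoft" not in company):
                findings.append(("non-ms-binary-in-system-root", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

A flagged line is a prompt to look closer, not a verdict: orphaned entries are often leftovers from uninstalled software, and an autorun file on a USB stick is expected after the drive has been vaccinated.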

#7
keers

  • Topic Starter
  • Member
  • 23 posts
thanks again.
i ran the program you asked and things seem to be working again. however, i cannot connect to the internet. whenever i try to turn on the network discovery the screen resets itself or flashes and the network discovery goes back to off. other programs seem to be working. previously i was unable to run CCleaner or any other program but they all seem to work now. in this reply i will add the OTL.txt. i am also going to try to reconnect the laptop to the wireless router manually from the tower computer. if that is successful i will let you know.


OTL logfile created on: 27/09/2011 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Ase\Desktop\otl
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 79.12% Memory free
5.70 Gb Paging File | 5.28 Gb Available in Paging File | 92.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.70 Gb Total Space | 81.47 Gb Free Space | 58.32% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.70 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: ASE-PC | User Name: Ase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ase\Desktop\otl\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DM.0\DMService.exe ()
SRV - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsldf88b1c6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A42A7859-E51A-4F0C-9D90-8FA5399AED17}\MpKsldf88b1c6.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2670908341-437182612-897133360-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2670908341-437182612-897133360-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2670908341-437182612-897133360-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-2670908341-437182612-897133360-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...ader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53762EC3-719E-4836-A411-42306566878A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A2C8CC1-7A09-4BFB-90A9-89CDE2BB6FBB}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58AB558-E43C-4C97-B8E6-3C179E0915B8}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 18:37:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/27 18:53:22 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 19:00:12 | 000,000,000 | ---D | C] -- C:\Users\Ase\Desktop\otl
[2011/09/25 16:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/14 20:32:59 | 000,000,000 | ---D | C] -- C:\Users\Ase\AppData\Roaming\PC Cleaners
[2011/09/14 20:32:45 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/09/14 20:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/09/06 17:00:49 | 002,613,088 | ---- | C] (Symantec Corporation) -- C:\Users\Ase\Documents\Setup.exe
[2011/08/31 20:18:46 | 000,000,000 | ---D | C] -- C:\Users\Ase\Desktop\Downloads
[2011/08/31 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Ase\AppData\Roaming\GetRightToGo
[2011/08/31 18:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\W32. Blaster . Worm Removal Tool1
[2011/08/31 11:16:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/31 10:56:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/08/31 10:56:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/08/31 10:56:42 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/08/30 20:58:28 | 000,000,000 | ---D | C] -- C:\Users\Ase\AppData\Roaming\Malwarebytes
[2011/08/30 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/30 18:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/30 18:32:09 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/30 18:31:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/08/30 18:31:35 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/08/30 18:31:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/08/30 18:31:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/08/30 18:31:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/08/30 18:28:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/08/30 18:28:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/08/30 18:28:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/08/30 18:27:59 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/08/30 11:44:14 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/08/30 11:44:14 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/08/30 11:44:02 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/08/30 10:25:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/08/30 10:25:18 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/08/30 10:25:10 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/08/30 10:25:09 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/08/30 10:25:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/08/30 10:25:06 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/08/30 10:25:05 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/08/30 10:25:05 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/08/30 10:25:04 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/08/30 10:25:03 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/08/30 10:25:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/08/30 10:25:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/08/30 10:24:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/08/30 10:24:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/08/30 10:24:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/08/30 10:24:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/08/30 10:24:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/30 10:24:53 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/30 10:24:53 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/30 10:24:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/30 10:24:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/30 10:24:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/30 10:24:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/30 10:24:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/30 10:24:50 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/30 10:24:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/30 10:24:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/30 10:24:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/30 10:24:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/30 10:24:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/30 10:24:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/30 10:24:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/30 10:24:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/30 10:24:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/30 10:22:13 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/08/30 10:22:13 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/08/30 10:22:12 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/08/30 10:21:29 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/08/30 10:05:01 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/30 10:05:00 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/30 09:53:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/08/30 01:25:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/08/30 01:19:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/08/30 01:19:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/08/30 01:19:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/08/30 01:19:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/08/30 01:19:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/08/30 01:19:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/08/30 01:19:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/08/30 01:19:39 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/08/30 01:19:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/08/30 01:19:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/08/30 01:19:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/08/30 01:19:30 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/08/30 01:19:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/08/30 01:19:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/08/30 01:19:30 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/08/30 01:19:30 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/08/30 01:06:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/08/30 01:06:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/08/30 01:06:21 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[10 C:\Users\Ase\Documents\*.tmp files -> C:\Users\Ase\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 19:01:00 | 000,000,329 | ---- | M] () -- C:\Users\Ase\Desktop\otl - Shortcut.lnk
[2011/09/27 18:42:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 18:42:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 18:42:13 | 2951,081,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 16:05:08 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/15 16:02:26 | 000,000,512 | ---- | M] () -- C:\Users\Ase\Desktop\MBR.dat
[2011/09/14 21:15:58 | 000,000,755 | ---- | M] () -- C:\Users\Ase\Desktop\PC Cleaners.lnk
[2011/09/14 19:54:48 | 005,356,304 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/09/06 14:19:33 | 000,008,484 | ---- | M] () -- C:\Users\Ase\AppData\Local\d3d9caps.dat
[2011/08/31 14:23:38 | 000,047,889 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/31 14:23:38 | 000,047,889 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/31 13:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 12:25:57 | 020,073,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/31 12:25:54 | 010,294,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/31 11:54:27 | 000,000,248 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/08/31 11:53:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 11:51:17 | 000,303,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/30 18:50:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/30 18:24:39 | 000,000,298 | ---- | M] () -- C:\Users\Ase\Desktop\FixBlast.exe - Shortcut.lnk
[2011/08/30 18:12:35 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1486EFEE-ED09-47EE-8049-97A2D686CCE7}.job
[2011/08/30 09:59:57 | 000,002,587 | ---- | M] () -- C:\Users\Ase\Desktop\Microsoft Office Word 2007.lnk
[2011/08/30 09:54:50 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[10 C:\Users\Ase\Documents\*.tmp files -> C:\Users\Ase\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 19:01:00 | 000,000,329 | ---- | C] () -- C:\Users\Ase\Desktop\otl - Shortcut.lnk
[2011/09/15 16:02:26 | 000,000,512 | ---- | C] () -- C:\Users\Ase\Desktop\MBR.dat
[2011/09/15 15:56:46 | 2951,081,984 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/14 21:15:58 | 000,000,755 | ---- | C] () -- C:\Users\Ase\Desktop\PC Cleaners.lnk
[2011/08/30 18:24:39 | 000,000,298 | ---- | C] () -- C:\Users\Ase\Desktop\FixBlast.exe - Shortcut.lnk
[2011/08/30 09:54:50 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2011/08/30 01:19:33 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/08/30 01:19:33 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/08/30 01:19:33 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/03/01 18:06:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/25 01:38:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/16 19:09:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/01/16 19:09:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/01/16 19:09:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/01/16 19:09:46 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/01/16 18:36:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/08 12:47:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/08 12:47:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/17 22:05:14 | 000,007,214 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/11/24 09:56:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/24 01:49:07 | 000,000,464 | ---- | C] () -- C:\Users\Ase\AppData\Roaming\wklnhst.dat
[2008/11/23 11:11:28 | 000,008,484 | ---- | C] () -- C:\Users\Ase\AppData\Local\d3d9caps.dat
[2008/11/22 20:03:03 | 000,047,889 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/22 19:10:36 | 000,047,889 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/22 19:04:26 | 000,016,896 | ---- | C] () -- C:\Users\Ase\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 12:08:04 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/04 19:04:15 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/01/21 03:23:51 | 000,212,992 | ---- | C] () -- C:\Windows\System32\msdt.dll
[2006/11/02 13:47:37 | 000,303,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 020,073,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 010,294,860 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#8
keers

  • Topic Starter
  • Member
  • 23 posts
The internet is still unavailable and I am not sure why. I am also not sure if you received the extra.txt info, so I am posting it again just in case.
Thanks again.

OTL Extras logfile created on: 27/09/2011 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Ase\Desktop\otl
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 79.12% Memory free
5.70 Gb Paging File | 5.28 Gb Available in Paging File | 92.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.70 Gb Total Space | 81.47 Gb Free Space | 58.32% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.70 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: ASE-PC | User Name: Ase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F0584B-D7CB-43EC-B602-0556292BDF46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12D40762-A4F3-4386-9D25-EC96214C2A51}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1928AD32-F047-4E23-871A-1748AAD95643}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{20E14F89-6560-473A-AD31-EB2319E9F10A}" = lport=138 | protocol=17 | dir=in | app=system |
"{24C26C80-7DAC-4DB5-9216-B5814046D51A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26200965-C068-43E9-BC53-C45625FF1844}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2645DBEC-7FC4-469B-920E-2C24599B1AD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E27BB93-CD0F-486F-AAFE-65AACA726B3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{367DA95D-37D9-4E39-85A5-8076B832495F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4031BB25-5D0C-44F5-83B0-71A9F2E690DF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{41268494-0931-43BB-B10C-ACA68C622589}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4E9FCA91-729C-4B2D-B2B2-3A6DF1C026F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56C74A2D-E96F-4D21-BD40-65F06B5C8AF2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E9B6E4F-1E9A-4525-8CA0-C02D0BE45FEB}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5EC2084F-5D97-4E8B-B372-83E891D1FE30}" = lport=137 | protocol=17 | dir=in | app=system |
"{60B04ABE-59A1-4CF7-A07D-ECBB4C5A5DC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{631376C7-1C45-4B7E-B22D-C9F86028932E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{64937718-B7FE-4D5D-A0BD-C1AA7C28390C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{68E83883-9B03-4477-9C08-EEA54E28DE16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6EC6133E-79E4-47E3-B082-BF427F2E5242}" = lport=445 | protocol=6 | dir=in | app=system |
"{724316AD-66AA-4B35-937B-2509113F7E34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73487CCF-4901-439F-9C33-D54F363A5E36}" = rport=137 | protocol=17 | dir=out | app=system |
"{79F75107-F081-44A2-99FF-E881B476BCC5}" = lport=139 | protocol=6 | dir=in | app=system |
"{83888D90-1492-4011-BF54-5E148D74BE1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90FC930E-5CFD-4F90-8F6E-331C0D87D1B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94D6F971-657B-48B5-9918-8F5729B01141}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AA195AEF-48DC-428E-85EE-8FF190395FD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3EE235E-AB37-459A-91BD-6B1AC95D96F8}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC0B886D-155B-4439-8828-1EA6CF457F7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9F7E05B-661B-48AA-AC1A-F9BDC18CEE4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CCC55603-F9D3-49DC-A302-9D719CFF2C1B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D21AC178-B4D9-49F8-8BAB-335B8A0C4409}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED70E36C-40BE-4F80-A17F-2D3793AB8B8A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F19528D1-FFEA-4F94-B8D2-2BB8E9B0A435}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0208DDBE-1C82-42A4-B96B-EA2030304327}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1CFA5A47-5B8A-4B60-A18A-57A5460CF4A8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{23037C90-7D21-41B3-86BA-D949616CD8E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{235EC19E-B594-4126-8197-30754E6FDB81}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{2B4B3A6D-11F3-45D5-BFC4-7F5AC8F37180}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{2D057D14-FB23-43AF-9439-C8E4103C9608}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2E7D3BDD-CACF-419F-B8BC-446087E971CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{364B0629-2574-408F-99D1-B87599548928}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3DADF1A1-FF24-426D-9B7C-8024B02424B7}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{3FF29F84-DD6A-42CC-871B-665A42AF27BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{57B5A0B2-6022-48E1-BA14-D2A8E08E0976}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5A6A4533-7B09-49D6-A6F5-2256E1BD6790}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5AE8DFEE-D237-4392-9D13-8E8AAE5F5548}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{676A8329-1550-4466-92FC-7D9E4F912F81}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{74E29875-F8BE-40ED-8A89-DAEE2018C788}" = protocol=1 | dir=out | [email protected],-28544 |
"{7A281165-90E3-422F-8844-226C64433932}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{81E9465F-BE97-44F8-9254-40C8005CD38C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{85F341C9-4392-43F7-9ADB-E2FEBBF8A5B4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{93203D0F-D33C-4CB3-ABD6-C404F282067B}" = protocol=1 | dir=in | [email protected],-28543 |
"{9434E68E-9FBA-465C-9C8C-B8F181E3D578}" = protocol=58 | dir=out | [email protected],-28546 |
"{96D6F8C8-7EC4-4945-AFC1-638A5585AEB4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9CB95B30-0B10-4437-844D-12E77CE5C1E8}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{9DCE0306-05A6-479F-8521-998CB9C44A55}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BDBB060A-669A-47A1-AC3B-0C262422FCC2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BED9F76E-E499-48B6-B74E-C25AF0C5CFDF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C68D00E0-1DE2-4B16-A79B-58697DDBD57D}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{CEF9C9B6-4609-4863-9810-B7069499C896}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EA051866-40ED-485B-BBB5-62C75CDC04FB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{EB5F3E09-DC22-4C1B-851C-21493ABF9499}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{FB5B1942-4971-4037-816F-2B93C05B9172}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FBE78A1C-0D76-450F-930D-C9B398F9497F}" = protocol=58 | dir=in | [email protected],-28545 |
"{FF1336AD-576F-400F-BC73-C49E97A2F1BE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"TCP Query User{4A632E74-877C-4239-B93B-6DAF1C5011EA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9774B248-2A78-4006-9A73-54EE84725855}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9C658639-9836-4AA8-BB64-D8E90FBB80AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{41BDDF58-E959-468D-9D73-C75181A06689}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{544CAABA-0061-47F3-96BB-008E6F3BB3C9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{858CCB1C-BD56-411B-BC9F-A2BDBD14481E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/08/2011 17:18:12 | Computer Name = Ase-PC | Source = Application Error | ID = 1000
Description = Faulting application FixBlast.exe, version 1.0.6.1, time stamp 0x3f534088,
faulting module FixBlast.exe, version 1.0.6.1, time stamp 0x3f534088, exception
code 0xc0000006, fault offset 0x0000933a, process id 0x10b8, application start time
0x01cc6758a15cd8ae.

Error - 30/08/2011 17:18:12 | Computer Name = Ase-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\HP\HPNetworkAssistant\HTML\GTHomeNet\Brand\GTConnect\GTConnect_Main\Movies\Microsoft\MicrosoftRouter\RouterModemPowerCycle\step1.swf
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Fixtool for W32.Blaster.Worm
because of this error. Program: Fixtool for W32.Blaster.Worm File: C:\Program Files\HP\HPNetworkAssistant\HTML\GTHomeNet\Brand\GTConnect\GTConnect_Main\Movies\Microsoft\MicrosoftRouter\RouterModemPowerCycle\step1.swf

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 31/08/2011 05:38:28 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3012
Description =

Error - 31/08/2011 05:38:28 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3011
Description =

Error - 31/08/2011 06:16:24 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3012
Description =

Error - 31/08/2011 06:16:24 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3011
Description =

Error - 31/08/2011 06:59:35 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3012
Description =

Error - 31/08/2011 06:59:35 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3011
Description =

Error - 31/08/2011 07:25:51 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3012
Description =

Error - 31/08/2011 07:25:51 | Computer Name = Ase-PC | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 09/10/2009 16:17:01 | Computer Name = Ase-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 13/11/2009 17:29:19 | Computer Name = Ase-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/10/2010 17:11:44 | Computer Name = Ase-PC | Source = Mcx2Dvcs | ID = 401
Description =

[ OSession Events ]
Error - 04/10/2009 16:15:38 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7431
seconds with 6060 seconds of active time. This session ended with a crash.

Error - 09/12/2009 16:27:07 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9145
seconds with 3420 seconds of active time. This session ended with a crash.

Error - 12/12/2009 14:59:21 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17165
seconds with 3720 seconds of active time. This session ended with a crash.

Error - 16/01/2010 17:11:03 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 854
seconds with 780 seconds of active time. This session ended with a crash.

Error - 24/02/2010 20:38:26 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7458
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 03/03/2010 16:05:25 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2114
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 03/04/2010 09:50:33 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4371
seconds with 480 seconds of active time. This session ended with a crash.

Error - 03/04/2010 09:51:37 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5532
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 03/04/2010 16:54:58 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 151
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/04/2010 16:28:19 | Computer Name = Ase-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18801
seconds with 3300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 31/08/2011 08:36:53 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:01 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:09 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:13 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:21 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:25 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:29 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:33 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:37 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:41 | Computer Name = Ase-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >
  • 0

#9
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
hey Dakeyras
as i mentioned i cannot get on the internet and through trial and error i noticed that the laptop does not have any network adaptor driver. i tried to download to USB but was unsuccessful. just to let you know where i am at. sorry to bother you.
cheers chief.
jason
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

thanks again.

You're welcome and thanks for the update also.

as i mentioned i cannot get on the internet and through trial and error i noticed that the laptop does not have any network adaptor driver. i tried to download to USB but was unsuccessful. just to let you know where i am at. sorry to bother you.

You are not bothering myself in the least I assure you and what you mentioned we can investigate further in due course.

the internet is still unavailable and not sure why.

OK, let's proceed as follows shall we. There is quite a fair bit to carry out below, so we will do so in several stages before actually doing anything proactive Anti-Malware wise per se.

Reason being the Hard-Drive on your partner's machine has what is known as a bad block and this probably accounts for (hinders) the problems running any in-depth Anti-Malware scans. So if we address this first it should make things a tad easier next time round in theory.

Though we will also be transferring some files across in readiness for continuing the Malware Removal process etc.

Next:

Using your machine...

Open Notepad via >> Start(Windows 7 Orb) >> All Programs >> Accessories >> Notepad

Now copy the lines from the quote-box below(do not copy the word Quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DM.0\DMService.exe ()
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2670908341-437182612-897133360-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2670908341-437182612-897133360-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
[2011/09/25 16:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/14 20:32:59 | 000,000,000 | ---D | C] -- C:\Users\Ase\AppData\Roaming\PC Cleaners
[2011/09/14 20:32:45 | 005,356,304 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/09/14 20:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/09/06 17:00:49 | 002,613,088 | ---- | C] (Symantec Corporation) -- C:\Users\Ase\Documents\Setup.exe
[2011/08/31 20:18:37 | 000,000,000 | ---D | C] -- C:\Users\Ase\AppData\Roaming\GetRightToGo
[2011/08/31 18:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\W32. Blaster . Worm Removal Tool1
[2011/08/30 20:58:28 | 000,000,000 | ---D | C] -- C:\Users\Ase\AppData\Roaming\Malwarebytes
[2011/08/30 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/30 18:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[10 C:\Users\Ase\Documents\*.tmp files -> C:\Users\Ase\Documents\*.tmp -> ]
[2011/08/30 18:24:39 | 000,000,298 | ---- | M] () -- C:\Users\Ase\Desktop\FixBlast.exe - Shortcut.lnk
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
C:\Windows\Downloaded Program Files\DM.0

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

Return to Notepad, right-click within a blank area of the Notepad window and choose Paste.

Still with the open Notepad >> click on File >> Save As... >> next to File name type in Fix.txt >> click on Save, save it to your Desktop

Next:

Please download the installer for Malwarebytes' Anti-Malware to your Desktop.

Now download the installer for Erunt to your Desktop.

Finally download TFC(Temp File Cleaner) to your Desktop.

Next:

Transfer Fix.txt, mbam-setup-1.51.2.1300.exe, erunt-setup.exe and TFC.exe to the Desktop of your partner's machine.

Note: No need to do anything with the files you transferred just yet. However we will be using TFC.exe shortly, the other three we will be using in due course.

Next:

The below pertains to your partner's machine...

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK

firewall.cpl
Or via Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and ensure On(recommended) is selected >> Apply >> OK.

Run TFC(Temp File Cleaner):

  • Right-click TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Vista Check-Disk:

Please visit this webpage and scroll down to:

METHOD ONE

Run Check Disk from within the Drive's Properties Page

Then follow the instructions through 1 - 10 and then reboot(re-start) the computer and let the Check-Disk perform its tasks. This may take some time.

Note: Please make sure you do carry out the above as it is vital!

Next:

Let myself know when you have reset the Vista Firewall, run TFC and performed the Check Disk and we will go from there, thank you.
  • 0
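An added example (not part of the thread and not OTL's own code): a parser for the event-log layout in the pasted report that counts disk bad-block errors per device. It assumes the ID column holds the full 32-bit event identifier, whose low 16 bits are the event code (262151 & 0xFFFF = 7, the disk driver's bad-block event); the sample lines and host name are constructed.

```python
import re
from datetime import datetime
# Constructed sample in the layout of the report's event section (host name is a placeholder).
SAMPLE = r"""[ Media Center Events ]
Error - 09/10/2009 16:17:01 | Computer Name = EXAMPLE-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 31/08/2011 08:36:53 | Computer Name = EXAMPLE-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 08:37:01 | Computer Name = EXAMPLE-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
"""

HEADER = re.compile(
    r"^(\w+) - (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| Computer Name = (.*?) \| Source = (.*?) \| ID = (\d+)\s*$")

def parse_events(text):
    """Return one dict per event; wrapped Description lines are re-joined."""
    events, section, current = [], None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if line.startswith("[ ") and line.rstrip().endswith(" ]"):
            section, current = line.strip("[] \t"), None
        elif m:
            raw_id = int(m.group(5))
            current = {"section": section, "level": m.group(1),
                       "time": datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S"),
                       "source": m.group(4), "raw_id": raw_id,
                       # Assumption: low 16 bits of the identifier are the event code.
                       "code": raw_id & 0xFFFF, "description": ""}
            events.append(current)
        elif current is not None and line.strip():
            part = line.split("=", 1)[1] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
    return events

def bad_block_report(events):
    """Map device -> (count, first time, last time) for disk events with code 7."""
    report = {}
    for e in events:
        if e["source"].lower() == "disk" and e["code"] == 7:
            dev = re.search(r"\\Device\\[^,\s]+", e["description"])
            key = dev.group(0) if dev else "unknown"
            n, first, last = report.get(key, (0, e["time"], e["time"]))
            report[key] = (n + 1, min(first, e["time"]), max(last, e["time"]))
    return report
```

Many bad-block errors against one device within seconds of each other, as in the System Events section of the report, are the pattern that points at the drive itself rather than at a single corrupt file.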

#11
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
bit of a problem. when i go to the windows firewall on my partner's machine it says that the firewall is not turned on and i am unable to turn it on. i looked at the window on this computer and it looks nothing like the one on my partner's machine. it says that it is not working on the proper/recommended settings and when i try to start or turn the firewall on the computer beeps then tells me it cannot turn on the firewall.
now question is do i still run the Fix.txt and TFC at the moment or address the firewall issue. the change settings option is not there only update the settings which i cannot due to lack of internet. vicious little circle.
any advice?
  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

OK the issue with the Vista SP2 Firewall reset is probably due to malware so leave that for now and merely continue with the TFC(Temp File Cleaner) and Vista Check-Disk instructions...then let myself know when you have completed both.
  • 0

#13
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
well i have done all the steps up to this point although i may do the check disk again as it only took about 20 seconds. other than that i am ready to go.
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

it only took about 20 seconds

That is extremely fast indeed and I am beginning to wonder if the bad block error may be an indication of a failing hard-drive.

Anyway we can check on the status of the actual hard-drive again before proceeding any further as follows..

Check Hard Disk For Errors:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad:
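@Echo off
rem Read-only chkdsk of C: (no /f switch); drop the progress lines and append the rest to checkhd.txt on the Desktop.
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
rem Delete this batch file once the check has finished.
del "%~f0"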
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look similar to this: Posted Image
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. Be patient as it may take some time to complete and will self-delete when completed.

A notepad file named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.
  • 0

#15
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sorry being a bit pedantic here but save and run on my partner's machine yes?
  • 0





