Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Restore window "PC Performance & Stability analysis rep

Started by maezhou , Oct 22 2011 03:20 AM

  • This topic is locked This topic is locked

#196
Essexboy
Posted 06 December 2011 - 01:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets go for it here. Prior to losing the radio network what did you install/uninstall

On the newly infected system run the following

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Rerun RogueKiller


  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

Advertisements

#197
maezhou
Posted 06 December 2011 - 03:29 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
On the machine that lost it's wireless network connection, I think the last program that I installed was Adobe Reader. Prior to that, I installed Adobe Photoshop, Adobe Illustrator, Canon Printer.

I'll do the Roquekiller on this infected machine.
  • 0

#198
maezhou
Posted 06 December 2011 - 03:42 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Here's the RKreport.txt:

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Malou [Admin rights]
Mode: Remove -- Date : 12/06/2011 13:40:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : 331BigDog ("C:\Windows\VM331_STI.EXE") -> DELETED
[SUSP PATH] HKLM\[...]\Run : Skytel ("C:\Windows\Skytel.exe") -> DELETED
[SUSP PATH] Spoon Sandbox Manager 3.31.lnk : C:\Users\Malou\AppData\Local\Spoon\3.31.2.6\Spoon-Sandbox-Native.exe -> DELETED
[SUSP PATH] Spoon Sandbox Manager 3.32.lnk : C:\Users\Malou\AppData\Local\Spoon\3.32.0.1\Spoon-Sandbox-Native.exe -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\Malou\AppData\Local\enj.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILE ASSO] HKCR\.exe : (ah) -> REPLACED (exefile)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[358] : unknown @ 0x8244492D -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F44930)
SSDT[335] : unknown @ 0x8245352F -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F448B0)
SSDT[334] : unknown @ 0x82428143 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F449B0)
SSDT[289] : unknown @ 0x824C9883 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F446A0)
SSDT[210] : unknown @ 0x824512DD -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F44830)
SSDT[201] : unknown @ 0x824534FA -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F44A30)
SSDT[194] : unknown @ 0x82457FA8 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F44B60)
SSDT[78] : unknown @ 0x824C8BB4 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F447A0)
SSDT[42] : unknown @ 0x823F4B43 -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F44720)
S_SSDT[617] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F45740)
S_SSDT[531] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F389F0)
S_SSDT[504] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F456B0)
S_SSDT[418] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F457D0)
S_SSDT[403] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F45B50)
S_SSDT[307] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F45A10)
S_SSDT[301] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F458C0)
S_SSDT[245] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F459A0)
S_SSDT[241] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F38930)
S_SSDT[235] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F45A80)
S_SSDT[13] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F45AF0)
S_SSDT[7] : Unknown -> HOOKED (\SystemRoot\System32\drivers\WRkrn.sys @ 0x82F45930)

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#199
maezhou
Posted 06 December 2011 - 03:46 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Here's the RKreport.txt for the second run of RogueKiller:

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Malou [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/06/2011 13:45:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1148 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 8 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 341 / Fail 0
My documents: Success 1 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 88 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#200
maezhou
Posted 06 December 2011 - 04:41 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I'm having trouble adding a reply.
  • 0

#201
maezhou
Posted 06 December 2011 - 04:59 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
OTL.txt

Sorry, I just have to attach. I'm having problem adding the whole content to the post.

OTL logfile created on: 12/6/2011 1:48:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Malou\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.10% Memory free
6.18 Gb Paging File | 4.94 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.37 Gb Total Space | 66.26 Gb Free Space | 28.76% Space Free | Partition Type: NTFS
Drive D: | 1.01 Gb Total Space | 0.92 Gb Free Space | 91.35% Space Free | Partition Type: NTFS

Computer Name: MALOU | User Name: Malou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 13:46:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Malou\Desktop\OTL.exe
PRC - [2011/11/24 14:41:03 | 000,633,088 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/29 22:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/01/18 23:33:19 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
PRC - [2007/08/22 23:23:44 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/01/27 03:49:06 | 000,011,776 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
PRC - [2005/09/12 22:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/19 12:33:59 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 16:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2007/09/12 22:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/24 14:41:03 | 000,633,088 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/29 22:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/22 23:23:44 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/27 03:49:06 | 000,011,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV - [2005/09/12 22:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - [2011/11/24 14:41:04 | 000,106,824 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2008/01/04 04:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/10/24 22:58:26 | 000,012,712 | R--- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\FJGSDisk.sys -- (FJGSDisk)
DRV - [2007/09/28 03:05:00 | 000,941,184 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2007/09/12 22:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/22 21:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/08/02 21:12:18 | 000,829,696 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAVCap.sys -- (USBAVCap)
DRV - [2007/06/11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/05/11 00:56:54 | 000,035,456 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/04/24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/03/01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2006/11/01 02:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 02:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/10/02 21:23:50 | 000,036,640 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/08/28 00:56:41 | 000,008,960 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FBIOSDRV.SYS -- (FBIOSDRV)
DRV - [1999/11/18 00:20:00 | 000,003,872 | ---- | M] (FUJITSU LIMITED.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-349452131-1835163080-16959665-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.31: C:\Users\Malou\AppData\Local\Spoon\3.31.2.6\npMozillaSpoonPlugin.dll (Code Systems Corp.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Malou\AppData\Local\Spoon\3.32.0.1\npMozillaSpoonPlugin.dll (Code Systems Corp.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Malou\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Malou\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/20 20:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/20 20:07:12 | 000,000,000 | ---D | M]

[2008/07/11 23:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malou\AppData\Roaming\Mozilla\Extensions
[2011/12/06 10:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions
[2010/04/14 20:30:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/09/18 22:29:53 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/07 20:59:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/20 16:00:00 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/10/22 08:21:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/23 18:23:59 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2011/11/17 23:54:28 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/01/07 20:54:17 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/27 17:43:10 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/09/18 22:29:48 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\[email protected]
[2010/10/22 22:38:24 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\[email protected]
[2011/11/20 16:03:15 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\extensions\[email protected]
[2008/07/12 00:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Malou\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Malou\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Malou\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Malou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: MegaUpload DownloadHelper = C:\Users\Malou\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekjckogogidfhpejjmaaekecplpdcg\1.2\
CHR - Extension: Poppit = C:\Users\Malou\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Aviary Screen Capture = C:\Users\Malou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncgcgghbabbopfcpgcjpfffdgnbadegf\0.47.1\

Hosts file not found
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-349452131-1835163080-16959665-1000..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter File not found
O4 - Startup: C:\Users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Malou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: Add to EverNote - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr...ads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52C36FEA-8B97-4870-B0D3-F718E8B8CE52}: DhcpNameServer = 66.75.160.63 66.75.160.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78ECC54-F96B-45FE-A8F0-4D91FDF2160F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-349452131-1835163080-16959665-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 13:46:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Malou\Desktop\OTL.exe
[2011/12/06 13:42:57 | 000,000,000 | ---D | C] -- C:\Users\Malou\Desktop\Geeks To Go reports
[2011/12/06 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\Malou\Desktop\RK_Quarantine
[2011/12/05 23:02:03 | 000,796,512 | ---- | C] (SlimWare Utilities, Inc.) -- C:\Users\Malou\Desktop\DriverUpdate-setup.exe
[2011/12/05 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/12/05 17:32:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/28 15:20:22 | 000,000,000 | ---D | C] -- C:\Users\Malou\Desktop\Downloads
[2011/11/28 15:19:45 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/11/28 15:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011/11/28 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\BitComet
[2011/11/28 15:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2011/11/28 03:09:38 | 000,000,000 | R--D | C] -- C:\Users\Malou\Dropbox
[2011/11/28 03:02:40 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/11/28 03:02:09 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\Dropbox
[2011/11/28 02:28:45 | 000,000,000 | ---D | C] -- C:\Users\Malou\Aptana Rubles
[2011/11/28 02:28:30 | 000,000,000 | ---D | C] -- C:\Users\Malou\Documents\Aptana Studio 3 Workspace
[2011/11/28 02:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Appcelerator
[2011/11/28 02:26:29 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Local\Aptana Studio 3
[2011/11/28 02:03:35 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\KompoZer
[2011/11/28 01:12:32 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Local\Xenocode
[2011/11/28 01:12:32 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Local\Spoon
[2011/11/24 14:48:28 | 000,000,000 | R--D | C] -- C:\Users\Malou\Desktop\Learning Materials
[2011/11/24 14:47:00 | 000,000,000 | R--D | C] -- C:\Users\Malou\Desktop\Workloads
[2011/11/21 22:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/11/20 20:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/20 20:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/20 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\ImgBurn
[2011/11/20 11:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/11/20 11:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/20 10:59:57 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\WinRAR
[2011/11/20 10:59:57 | 000,000,000 | ---D | C] -- C:\Users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/20 10:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/20 10:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/11/14 20:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/14 20:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/14 20:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/12 11:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2011/11/12 11:39:47 | 000,141,272 | ---- | C] (Webroot) -- C:\Windows\System32\WRusr.dll
[2011/11/12 11:39:46 | 000,106,824 | ---- | C] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2011/11/12 11:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData

========== Files - Modified Within 30 Days ==========

[2011/12/06 13:46:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Malou\Desktop\OTL.exe
[2011/12/06 13:43:21 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/06 13:39:05 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/06 13:39:05 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 13:33:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 13:32:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 13:32:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 13:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 13:32:05 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 13:30:34 | 000,754,176 | ---- | M] () -- C:\Users\Malou\Desktop\RogueKiller.exe
[2011/12/06 10:05:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/05 23:02:04 | 000,796,512 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Users\Malou\Desktop\DriverUpdate-setup.exe
[2011/12/05 21:51:12 | 000,011,532 | --S- | M] () -- C:\Users\Malou\AppData\Local\8f10in7w88e156
[2011/12/05 21:51:12 | 000,011,532 | --S- | M] () -- C:\ProgramData\8f10in7w88e156
[2011/12/05 10:24:23 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/05 10:24:23 | 000,001,854 | ---- | M] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/03 18:49:32 | 000,006,144 | ---- | M] () -- C:\Users\Malou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/29 10:42:32 | 000,031,929 | ---- | M] () -- C:\Users\Malou\Documents\2010_04_23_portal.adp.pdf
[2011/11/28 15:19:26 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2011/11/28 03:09:38 | 000,000,941 | ---- | M] () -- C:\Users\Malou\Desktop\Dropbox.lnk
[2011/11/28 03:02:52 | 000,000,921 | ---- | M] () -- C:\Users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/28 02:27:46 | 000,000,931 | ---- | M] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 3.lnk
[2011/11/28 02:27:46 | 000,000,929 | ---- | M] () -- C:\Users\Malou\Desktop\Aptana Studio 3.lnk
[2011/11/28 02:06:04 | 000,000,816 | ---- | M] () -- C:\Users\Malou\Desktop\kompozer.exe.lnk
[2011/11/24 14:41:04 | 000,141,272 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll
[2011/11/24 14:41:04 | 000,106,824 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2011/11/21 22:58:48 | 000,000,812 | ---- | M] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/11/21 22:58:48 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/11/20 20:06:54 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 11:10:30 | 000,001,674 | ---- | M] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/14 20:04:46 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/12/06 13:39:24 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/06 13:30:33 | 000,754,176 | ---- | C] () -- C:\Users\Malou\Desktop\RogueKiller.exe
[2011/12/05 19:32:23 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\yoxBmGEb.sys
[2011/12/05 18:02:05 | 000,011,532 | --S- | C] () -- C:\Users\Malou\AppData\Local\8f10in7w88e156
[2011/12/05 18:02:05 | 000,011,532 | --S- | C] () -- C:\ProgramData\8f10in7w88e156
[2011/11/29 10:42:32 | 000,031,929 | ---- | C] () -- C:\Users\Malou\Documents\2010_04_23_portal.adp.pdf
[2011/11/28 15:19:26 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2011/11/28 03:09:38 | 000,000,941 | ---- | C] () -- C:\Users\Malou\Desktop\Dropbox.lnk
[2011/11/28 03:02:52 | 000,000,921 | ---- | C] () -- C:\Users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/28 02:27:46 | 000,000,931 | ---- | C] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 3.lnk
[2011/11/28 02:27:46 | 000,000,929 | ---- | C] () -- C:\Users\Malou\Desktop\Aptana Studio 3.lnk
[2011/11/28 02:06:04 | 000,000,816 | ---- | C] () -- C:\Users\Malou\Desktop\kompozer.exe.lnk
[2011/11/21 22:58:48 | 000,000,812 | ---- | C] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/11/21 22:58:48 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/11/20 20:06:54 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 11:10:30 | 000,001,674 | ---- | C] () -- C:\Users\Malou\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/20 11:10:30 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/11/14 20:04:46 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/14 19:15:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/14 19:15:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/05 13:30:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/04 22:57:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/12/04 22:57:39 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/04 22:57:39 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/04 22:57:38 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/12/04 22:57:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/04 00:05:31 | 000,000,049 | ---- | C] () -- C:\Windows\avitoiPodconverter.ini
[2008/12/04 00:00:26 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SysAVItoiPod.dat
[2008/08/16 09:56:22 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/07/11 20:08:41 | 000,006,144 | ---- | C] () -- C:\Users\Malou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/11 19:52:21 | 000,001,356 | ---- | C] () -- C:\Users\Malou\AppData\Local\d3d9caps.dat
[2007/11/26 17:28:43 | 000,122,880 | ---- | C] () -- C:\Windows\vm331Rmv.exe
[2007/11/26 17:28:43 | 000,001,126 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2007/11/26 17:28:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/11/26 17:28:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/11/26 17:28:19 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/11/26 17:28:19 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/11/26 17:28:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/26 17:28:14 | 000,002,088 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/15 14:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2011/05/01 19:15:41 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\AnvSoft
[2011/11/30 00:59:40 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\BitComet
[2008/12/06 13:18:49 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\BSplayer
[2008/12/04 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\BSplayer Pro
[2009/06/14 14:34:31 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\Canon
[2011/12/05 21:51:06 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\Dropbox
[2011/02/12 18:41:46 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\GARMIN
[2011/11/20 11:31:55 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\ImgBurn
[2011/11/28 02:03:36 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\KompoZer
[2010/10/10 17:57:59 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\Notepad++
[2008/08/16 09:56:16 | 000,000,000 | ---D | M] -- C:\Users\Malou\AppData\Roaming\ScanSoft
[2011/12/06 13:31:12 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/11 20:37:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/11 20:37:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 01:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 23:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 01:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 23:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 23:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 23:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 23:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 01:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 01:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/10 20:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{52C36FEA-8B97-4870-B0D3-F718E8B8CE52}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B78ECC54-F96B-45FE-A8F0-4D91FDF2160F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/18 21:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 04 01 07 01 02 01 06 01 01 01 05 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 01:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

Attached Files

  • Attached File  OTL.Txt   105.74KB   112 downloads

Edited by Essexboy, 07 December 2011 - 01:27 PM.

  • 0

#202
maezhou
Posted 06 December 2011 - 05:02 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
And here's Extras.txt report.

OTL Extras logfile created on: 12/6/2011 1:48:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Malou\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.10% Memory free
6.18 Gb Paging File | 4.94 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.37 Gb Total Space | 66.26 Gb Free Space | 28.76% Space Free | Partition Type: NTFS
Drive D: | 1.01 Gb Total Space | 0.92 Gb Free Space | 91.35% Space Free | Partition Type: NTFS

Computer Name: MALOU | User Name: Malou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C1BFC9-7091-4614-B518-57506039A3A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{284677F1-7CBC-44E7-B024-2483A520CB62}" = lport=137 | protocol=17 | dir=in | app=system |
"{36FF5057-F49A-41C1-8012-0D17FBDFD166}" = rport=137 | protocol=17 | dir=out | app=system |
"{494CB9C4-798C-4040-A0B3-53D9C7C23873}" = rport=139 | protocol=6 | dir=out | app=system |
"{624F851E-074B-408C-8025-CF5B5391CAAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A77832A-1909-42A7-824B-9C22A4B0AD93}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DB94659-CE0C-4871-A02A-9495CAB48EA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{A52D37A7-6D8E-4D75-8792-0C1B68D34B8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B8BA6036-F8A6-4E49-B2C7-7679AF3659B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1DA9550-7DE1-496F-B8FC-7414844B5525}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1905337D-DF2C-4D05-86C1-37A151A9C1D4}" = protocol=58 | dir=out | [email protected],-28546 |
"{246F9BD0-8D0B-4DAD-976A-62F63538839C}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{2C16AD22-ADF4-4AD7-BB26-0685AA869D0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4203908B-BA0D-46BF-B4BF-2092156B5996}" = protocol=58 | dir=in | [email protected],-28545 |
"{44D4593C-0DC6-450D-A014-1DE7AF1CB227}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{4CF59070-E4C9-4BD7-A1B5-35BF787BBCF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6A8C7EE7-3531-413D-8567-E95F2EBBA345}" = protocol=17 | dir=in | app=c:\users\malou\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C364EA1-FA12-4678-817F-BA0DB182D684}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E1F6438-E388-4061-8098-683CD111E46D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7923A8D0-EEFF-47CC-AE22-B2C6A30A42A4}" = protocol=1 | dir=out | [email protected],-28544 |
"{A578C7DC-0BD2-4E6B-AD1B-76E48FF25861}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A7221AAB-A7DE-4780-8320-6FD312ED3157}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB730FAF-BB80-4BDE-9412-F2AA957B2F28}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{E77D1BDB-93FD-42FF-94E4-0ED78D4F5CA4}" = protocol=6 | dir=in | app=c:\users\malou\appdata\roaming\dropbox\bin\dropbox.exe |
"{E87C06ED-8615-4BD0-AB25-D49DD7A85166}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F13CD61F-2127-4486-BCBB-7E67C84D83EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6C2B04E-46DD-47DF-BB08-9EA0F1108548}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{283CFDF3-0C26-41C9-A260-045888FF5762}C:\users\malou\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\malou\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D8207D89-9687-4D0A-8E0A-19F247D9E3AB}C:\users\malou\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=c:\users\malou\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{3095E10A-6CFB-45B6-8BD1-BA51EFD44E91}C:\users\malou\appdata\local\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=c:\users\malou\appdata\local\aptana studio 3\aptanastudio3.exe |
"UDP Query User{8C7F4182-0C04-41CB-8D4F-E1996FF071EA}C:\users\malou\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\malou\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote (Trial)
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = VC0331 USB2.0 Digital Camera
"{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}" = Fujitsu Display Manager
"{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any Video Converter_is1" = Any Video Converter 3.2.2
"Aptana Studio 3" = Aptana Studio 3
"AskSBar Uninstall" = Ask Toolbar
"AVerMedia HC80 ExpressCard Hybrid ATSC" = AVerMedia HC80 ExpressCard Hybrid ATSC 1.3.0.71
"AVI to iPod Converter_is1" = AVI to iPod Converter 1.00
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BitComet" = BitComet 1.30
"BSPlayerf" = BS.Player FREE
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fujitsu A Series Retail Demo" = Fujitsu A Series Retail Demo
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}" = Fujitsu Display Manager
"InstallShield_{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Sptnavi" = Sptnavi
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
"WRUNINST" = Webroot SecureAnywhere

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-349452131-1835163080-16959665-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spoon Sandbox Manager 3.31" = Spoon Sandbox Manager 3.31
"Spoon Sandbox Manager 3.32" = Spoon Sandbox Manager 3.32

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#203
maezhou
Posted 06 December 2011 - 05:10 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
And finally, here's the MBRCheck report. I didn't get the dialog which should be shown if there's an infection.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU
System Product Name: LifeBook A6120
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 151):
0x82209000 \SystemRoot\system32\ntkrnlpa.exe
0x825C3000 \SystemRoot\system32\hal.dll
0x80402000 \SystemRoot\system32\kdcom.dll
0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80479000 \SystemRoot\system32\PSHED.dll
0x8048A000 \SystemRoot\system32\BOOTVID.dll
0x80492000 \SystemRoot\system32\CLFS.SYS
0x804D3000 \SystemRoot\system32\CI.dll
0x8060E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80697000 \SystemRoot\system32\drivers\acpi.sys
0x806DD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E6000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EE000 \SystemRoot\system32\drivers\pci.sys
0x80715000 \SystemRoot\System32\drivers\partmgr.sys
0x80724000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80727000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80731000 \SystemRoot\system32\drivers\volmgr.sys
0x80740000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078A000 \SystemRoot\system32\drivers\intelide.sys
0x80791000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807CC000 \SystemRoot\System32\drivers\mountmgr.sys
0x82C0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82CCA000 \SystemRoot\system32\drivers\atapi.sys
0x82CD2000 \SystemRoot\system32\drivers\ataport.SYS
0x82CF0000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x82CF9000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x82D1F000 \SystemRoot\system32\DRIVERS\o2media.sys
0x82D28000 \SystemRoot\system32\drivers\fltmgr.sys
0x82D5A000 \SystemRoot\system32\drivers\fileinfo.sys
0x82D6A000 \SystemRoot\System32\drivers\WRkrn.sys
0x82D87000 \SystemRoot\System32\drivers\msrpc.sys
0x82DB2000 \SystemRoot\System32\drivers\NETIO.SYS
0x82E0D000 \SystemRoot\System32\drivers\NDIS.SYS
0x82F18000 \SystemRoot\System32\drivers\TDI.SYS
0x82F23000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82F2C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A602000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A707000 \SystemRoot\system32\drivers\FBIOSDRV.SYS
0x8A802000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A912000 \SystemRoot\system32\drivers\volsnap.sys
0x8A94B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A953000 \SystemRoot\System32\Drivers\mup.sys
0x8A962000 \SystemRoot\System32\drivers\ecache.sys
0x8A989000 \SystemRoot\system32\DRIVERS\FJGSDisk.sys
0x8A98B000 \SystemRoot\system32\drivers\disk.sys
0x8A99C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9D3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9DE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A9E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F006000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F63D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F6DD000 \SystemRoot\System32\drivers\watchdog.sys
0x8F6E9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F6F4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F732000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F741000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x82F9D000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8F805000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F8C4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F8D4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F8E2000 \SystemRoot\system32\DRIVERS\FUJ02B1.sys
0x8F8FC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F90F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F91A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F947000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F949000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F954000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F96C000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8F972000 \SystemRoot\system32\DRIVERS\FUJ02E3.sys
0x8F974000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F978000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F9A7000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F9E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F7CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F7D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A7C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A7D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A7EB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x82FE5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805B3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A9F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x82E00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FE08000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FE3D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9000C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FE4E000 \SystemRoot\system32\drivers\portcls.sys
0x8FE7B000 \SystemRoot\system32\drivers\drmk.sys
0x8FEA0000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x901EA000 \SystemRoot\system32\drivers\modem.sys
0x901F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90000000 \SystemRoot\System32\Drivers\Null.SYS
0x8FFC6000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FFCD000 \SystemRoot\System32\drivers\vga.sys
0x8FFD9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x82FF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x82DED000 \SystemRoot\System32\Drivers\Msfs.SYS
0x807DC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x82C00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x807EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x805DD000 \SystemRoot\system32\DRIVERS\smb.sys
0x90400000 \SystemRoot\system32\drivers\afd.sys
0x90448000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9047A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90490000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9049E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x904B1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x904ED000 \SystemRoot\system32\drivers\nsiproxy.sys
0x904F7000 \SystemRoot\System32\Drivers\dfsc.sys
0x9050E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9051B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x905D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9240D000 \SystemRoot\System32\Drivers\vm331avs.sys
0x924F3000 \SystemRoot\System32\Drivers\STREAM.SYS
0x92500000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92509000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92519000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92520000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92880000 \SystemRoot\System32\win32k.sys
0x92528000 \SystemRoot\System32\drivers\Dxapi.sys
0x92532000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92AA0000 \SystemRoot\System32\TSDDD.dll
0x92AC0000 \SystemRoot\System32\cdd.dll
0x92541000 \SystemRoot\system32\drivers\luafv.sys
0x8A70A000 \SystemRoot\system32\drivers\spsys.sys
0x92564000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x92574000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9259E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x925A8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xABE05000 \SystemRoot\system32\drivers\HTTP.sys
0xABE72000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xABE8F000 \SystemRoot\system32\DRIVERS\bowser.sys
0xABEA8000 \SystemRoot\system32\drivers\mrxdav.sys
0xABEC9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xABEE8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xABF21000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xABF39000 \SystemRoot\System32\DRIVERS\srv2.sys
0xABF61000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD402000 \SystemRoot\system32\drivers\peauth.sys
0xAD4E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD4EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAD4F6000 \SystemRoot\system32\drivers\tdtcp.sys
0xAD501000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xAD50D000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAD540000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76ED0000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
572 C:\Windows\System32\smss.exe
640 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
744 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\winlogon.exe
940 C:\Windows\System32\svchost.exe
980 C:\Program Files\Webroot\WRSA.exe
1012 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\audiodg.exe
1412 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\SLsvc.exe
1468 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\svchost.exe
1888 C:\Windows\System32\spoolsv.exe
424 C:\Windows\System32\agrsmsvc.exe
516 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
608 C:\Program Files\Bonjour\mDNSResponder.exe
628 C:\Windows\System32\svchost.exe
748 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
1400 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
124 C:\Program Files\Nero\Update\NASvc.exe
2004 C:\Windows\System32\o2flash.exe
600 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2072 C:\Windows\System32\svchost.exe
2104 C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
2152 C:\Windows\System32\svchost.exe
2176 C:\Windows\System32\SearchIndexer.exe
2892 C:\Windows\System32\taskeng.exe
3024 C:\Windows\System32\dwm.exe
3064 C:\Windows\System32\taskeng.exe
3088 C:\Program Files\Webroot\WRSA.exe
3460 C:\Windows\explorer.exe
3556 C:\Windows\System32\hkcmd.exe
3564 C:\Windows\System32\igfxpers.exe
3576 C:\Windows\RtHDVCpl.exe
3744 C:\Windows\System32\igfxsrvc.exe
3828 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3020 C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
3700 C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
3692 C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
3660 C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
3792 C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
3672 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3932 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3732 C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
2288 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3548 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
3612 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
4056 C:\Program Files\iTunes\iTunesHelper.exe
3532 C:\Program Files\Windows Sidebar\sidebar.exe
2340 C:\Users\Malou\AppData\Local\Google\Update\GoogleUpdate.exe
2464 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2408 C:\Program Files\Windows Media Player\wmpnscfg.exe
1488 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2568 C:\Users\Malou\AppData\Roaming\Dropbox\bin\Dropbox.exe
1104 C:\Program Files\Windows Media Player\wmpnetwk.exe
2248 C:\Program Files\iPod\bin\iPodService.exe
1540 C:\Windows\System32\svchost.exe
4736 C:\Windows\System32\PING.EXE
4380 dllhost.exe
4264 dllhost.exe
2436 C:\Users\Malou\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`60100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`f7e00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2250BH, Rev: 0000000C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
  • 0

#204
maezhou
Posted 07 December 2011 - 02:16 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I raised a ticket to Webroot tech support because the Webroot scan result detected a malware threat but it can't automatically remove it. Their tech support asked me to download and run TDSS Killer. So I did, and it removed the malware threat.

But the effects of the malware are still on my machine. Good thing is I can now open softwares without any issues. But the Windows Security Center is still having problems.

I can't turn my Firewall ON, If I try to change the Windows Firewall settings, I'm getting this popup error: "Windows Firewall was not able to make the requested updates"

I can't click on Windows Defender. If I click on it, I'm getting this popup error: "Application failed to initialize: 0x80070006. The handle is invalid."

On the Security Essentials, if I try to turn ON the Security Center, i'm getting this popup error: "The Security Center Service cannot be started"

So the machine now is very vulnerable to hacks, virus, malwares and other security issues.
  • 0

#205
Essexboy
Posted 07 December 2011 - 01:32 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You will need a bit more than TDSSKiller to remove this one... I will go for the main infection now and tidy up afterwards.

On the other computer when you uninstalled Norton did you use the removal tool, or do it via windows ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

Advertisements

#206
maezhou
Posted 07 December 2011 - 07:05 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
On the other computer which lost its wireless connection, I unistalled Norton using Windows' unistall or change program.
  • 0

#207
maezhou
Posted 08 December 2011 - 12:39 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Here's the ComboFix.TXT log report:

ComboFix 11-12-06.02 - Malou 12/07/2011 22:25:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2290 [GMT -8:00]
Running from: c:\users\Malou\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB49023$
c:\windows\$NtUninstallKB49023$\428254969\@
c:\windows\$NtUninstallKB49023$\428254969\bckfg.tmp
c:\windows\$NtUninstallKB49023$\428254969\cfg.ini
c:\windows\$NtUninstallKB49023$\428254969\Desktop.ini
c:\windows\$NtUninstallKB49023$\428254969\keywords
c:\windows\$NtUninstallKB49023$\428254969\kwrd.dll
c:\windows\$NtUninstallKB49023$\428254969\L\qnbwvoto
c:\windows\$NtUninstallKB49023$\428254969\lsflt7.ver
c:\windows\$NtUninstallKB49023$\428254969\U\00000001.@
c:\windows\$NtUninstallKB49023$\428254969\U\00000002.@
c:\windows\$NtUninstallKB49023$\428254969\U\00000004.@
c:\windows\$NtUninstallKB49023$\428254969\U\80000000.@
c:\windows\$NtUninstallKB49023$\428254969\U\80000004.@
c:\windows\$NtUninstallKB49023$\428254969\U\80000032.@
c:\windows\$NtUninstallKB49023$\80173418
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 06:32 . 2011-12-08 06:33 -------- d-----w- c:\users\Malou\AppData\Local\temp
2011-12-08 06:32 . 2011-12-08 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 21:39 . 2011-12-06 21:43 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-06 21:30 . 2008-01-19 05:49 54784 ----a-w- c:\windows\system32\drivers\ZqwfQVKo.sys
2011-12-06 06:13 . 2008-01-19 05:49 54784 ----a-w- c:\windows\system32\drivers\UKodGGqZ.sys
2011-12-06 05:15 . 2008-01-19 05:49 54784 ----a-w- c:\windows\system32\drivers\VqvKsANa.sys
2011-12-06 05:05 . 2008-01-19 05:49 54784 ----a-w- c:\windows\system32\drivers\FyhXXVyr.sys
2011-12-06 03:32 . 2008-01-19 05:49 54784 ----a-w- c:\windows\system32\drivers\yoxBmGEb.sys
2011-12-06 02:16 . 2008-01-19 05:49 54784 ----a-w- c:\windows\system32\drivers\plOIMgMT.sys
2011-12-02 20:59 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A81B031-65A4-46CB-B019-2A3D909DD11E}\mpengine.dll
2011-11-28 23:19 . 2011-11-28 23:19 -------- d-----w- C:\Downloads
2011-11-28 23:19 . 2011-11-30 08:59 -------- d-----w- c:\users\Malou\AppData\Roaming\BitComet
2011-11-28 23:19 . 2011-11-28 23:19 -------- d-----w- c:\program files\BitComet
2011-11-28 11:09 . 2011-12-08 04:53 -------- d-----r- c:\users\Malou\Dropbox
2011-11-28 11:02 . 2011-12-08 04:53 -------- d-----w- c:\users\Malou\AppData\Roaming\Dropbox
2011-11-28 10:28 . 2011-11-28 10:28 -------- d-----w- c:\users\Malou\Aptana Rubles
2011-11-28 10:26 . 2011-11-29 01:07 -------- d-----w- c:\users\Malou\AppData\Local\Aptana Studio 3
2011-11-28 10:03 . 2011-11-28 10:03 -------- d-----w- c:\users\Malou\AppData\Roaming\KompoZer
2011-11-28 09:12 . 2011-12-04 02:30 -------- d-----w- c:\users\Malou\AppData\Local\Spoon
2011-11-28 09:12 . 2011-11-28 09:12 -------- d-----w- c:\users\Malou\AppData\Local\Xenocode
2011-11-20 19:22 . 2011-11-20 19:31 -------- d-----w- c:\users\Malou\AppData\Roaming\ImgBurn
2011-11-20 19:10 . 2011-11-20 19:10 -------- d-----w- c:\program files\ImgBurn
2011-11-15 04:03 . 2011-11-15 04:03 -------- d-----w- c:\program files\iPod
2011-11-15 04:03 . 2011-11-15 04:04 -------- d-----w- c:\program files\iTunes
2011-11-12 19:39 . 2011-12-07 18:18 141272 ----a-w- c:\windows\system32\WRusr.dll
2011-11-12 19:39 . 2011-12-07 18:18 107336 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-12 19:39 . 2011-12-08 04:59 -------- d-----w- c:\programdata\WRData
2011-11-08 20:30 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 20:30 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 07:24 . 2009-04-24 04:21 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-18 07:53 . 2011-05-17 03:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-06-13 17:03 . 2009-12-20 05:14 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-12 66912]
.
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-12 06:26 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Malou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Malou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Malou\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-21 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-21 129560]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-19 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-15 894512]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-10 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2007-06-13 84784]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-13 68400]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-10-01 106496]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-13 30192]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-12-07 637208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Malou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Malou\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-22 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 135664]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-13 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-08-03 829696]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 8960]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2007-10-25 12712]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-12-07 107336]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-01-27 11776]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-12-07 637208]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 vm331avs;VC0334 USB2.0 Digital Camera;c:\windows\system32\Drivers\vm331avs.sys [2007-09-28 941184]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 06:15]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-29 06:15]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349452131-1835163080-16959665-1000Core1cc92becb27020.job
- c:\users\Malou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 06:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: globalsources.com\www
Trusted Zone: google.com
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Malou\AppData\Roaming\Mozilla\Firefox\Profiles\myt5jh6r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: 1-Click YouTube Video Downloader: [email protected] - %profile%\extensions\[email protected]
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: YSlow: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-71147178.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 22:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=hex:51,66,7a,6c,4c,1d,38,12,57,b1,c7,
f4,79,94,c1,08,fe,f2,9c,ae,4c,6f,e0,be
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}"=hex:51,66,7a,6c,4c,1d,38,12,df,b7,6a,
01,a1,4c,1d,08,cf,3b,1d,fb,0e,fe,b4,b6
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA}"=hex:51,66,7a,6c,4c,1d,38,12,5f,b1,c7,
f4,79,94,c1,08,fe,f2,9c,ae,4c,6f,e0,be
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:58,ad,7a,ac,81,ee,cb,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-07 22:35:44
ComboFix-quarantined-files.txt 2011-12-08 06:35
.
Pre-Run: 67,693,285,376 bytes free
Post-Run: 68,690,640,896 bytes free
.
- - End Of File - - FC9A9C1189621A5180032C14C426F723
  • 0

#208
maezhou
Posted 08 December 2011 - 02:41 AM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I'm still having problem with Security settings. Please see screenshots below for Windows Firewall and Windows Defender errors that i'm getting.

WINDOWS FIREWALL:
If I go to Control Panel > Security > Windows Firewall -- and tried to click on the "Turn Windows Firewall on or off" link from the left column, I'm getting this error:
WindowsFirewall_left_TurnWindowsFirewall_error.jpg

If I go to Control Panel > Security > Security Center > Firewall -- and click on "Turn on now" for Windows Firewall, I'm getting this error:
WindowsSecurityCenter_SecurityEssentials_FirewallTurnOnNow_error.jpg

If I go to Control Panel > Security > Security Center > Firewall -- and click on "Update setting now", i'm getting this error:
WindowsFirewall_updateSettings_error.jpg

WINDOWS DEFENDER:
If I go to Control Panel > Security -- and click on "Windows Defender", i'm getting this error:
ControlPanel_Security_WindowsDefender_error.jpg

If I go to Control Panel > Security > Security Center > Malware Protection -- trying to turn this on gives me this options (I HAVE A QUESTION, IS IT BETTER TO TURN ON WINDOWS DEFENDER OR USE WEBROOT SECUREANYWHERE?):
WindowsSecurityCenter_WindowsDefender_TurnOn_ChooseAntispyware.jpg

If I choose Windows Defender from the selection, i'm getting this error:
WindowsSecurityCenter_WindowsDefender_TurnOnWindowsDefender_error.jpg


Other than these errors, all's fine.
  • 0

#209
Essexboy
Posted 08 December 2011 - 01:56 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK for the Norton removal download and run the uninstall tool from here

Back to the sick one now - on completion of this we will look at the firewall/defender problem

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\ZqwfQVKo.sys
c:\windows\system32\drivers\UKodGGqZ.sys
c:\windows\system32\drivers\VqvKsANa.sys
c:\windows\system32\drivers\FyhXXVyr.sys
c:\windows\system32\drivers\yoxBmGEb.sys
c:\windows\system32\drivers\plOIMgMT.sys


Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#210
maezhou
Posted 08 December 2011 - 03:53 PM

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I've successfully run the Norton Removal Tool. Then restart the machine.
The wireless connection is still not working. Do I still need to do anything?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP