Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HELP! Malware Bytes!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HELP! Malware Bytes!

Unread postby Sinnamon » November 14th, 2012, 11:08 pm

description: I typically use Firefox but it has ceased to work. I can enter a topic and ask it to "Search" but it always brings up a message box that says it cannot connect to the server. When I try to use Internet Explorer I get some funky search engine called "33" If I try to get GOOGLE what comes up appears to be Chinese....all Chinese Characters....plus the computer is slow and I get the "BLUE SCREEN OF DEATH" quite often ..........


DDS (Ver_2012-11-07.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_22
Run by Suska at 20:33:38 on 2012-11-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2875 [GMT -6:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.33searchengines.com/?opts=yes&hp=92
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "C:\Program Files (x86)\Steam1\Steam.exe" -silent
uRun: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
uRun: [1336253764] C:\Users\Suska\AppData\Local\Temp\tmph3630922692156204336.tmp
uRun: [cftmon] C:\Users\Suska\AppData\Roaming\zmxqc.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Suska\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FB244765-CDC9-469F-AB75-8073BB01A8C1} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Suska\AppData\Roaming\Mozilla\Firefox\Profiles\rwdof8pi.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Suska\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-2-20 218056]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe [2008-11-11 86016]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-7-18 108289]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-7-18 185089]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2009-7-18 74880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-5-1 652872]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-6-10 341328]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-12-25 24652]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-10-15 245760]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-4-11 125328]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-18 23152]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-2-20 365280]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-2-20 1141712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-26 89920]
S4 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2010-2-20 306648]
S4 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2010-2-20 92896]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-15 01:33:24 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-10-10 08:47:58 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 08:47:58 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
============= FINISH: 20:35:40.66 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2008 4:24:59 PM
System Uptime: 11/14/2012 7:42:33 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2099/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 133.765 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.836 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Agere Systems HDA Modem
Analyst's TurtleFarm 1.0.5
Atheros Driver Installation Program
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Brother MFL-Pro Suite MFC-J615W
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Free YouTube to MP3 Converter version 3.11.24.608
Google Chrome
Google Update Helper
High-Definition Video Playback 10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Doc Viewer
HP MULTIPLE MODEM INSTALLER for VISTA
HP QuickPlay 3.7
HP Update
HP User Guides 0103
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPTCSSetup
IDT Audio
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 6.3.0 (Basic)
LabelPrint
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PowerDirector
ProtectSmart Hard Drive Protection
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skins
Skype Toolbars
Skype™ 5.10
Slingbox Flash Tour
SlingPlayer
Spyware Doctor 7.0
Steam
Synaptics Pointing Device Driver
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wwiiper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2011 wwiiper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Viewpoint Media Player
VLC media player 2.0.1
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Toolbar
.
==== End Of File ===========================
Sinnamon
Active Member
 
Posts: 12
Joined: November 14th, 2012, 10:18 pm
Advertisement
Register to Remove

Re: HELP! Malware Bytes!

Unread postby askey127 » November 15th, 2012, 1:11 pm

Hi Sinnamon,
There are multiple outdated antivirus programs on the machine.
This actually will reduce your protection.

Since you already show signs of unwanted software on your machine, I would offload all that Tax information to flash, CDs or DVDs NOW

-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop, but don't run it yet.

------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.5.0
Avira AntiVir Personal - Free Antivirus
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Spyware Doctor 7.0

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HELP! Malware Bytes!

Unread postby Sinnamon » November 17th, 2012, 8:43 pm

I still get the "blue screen of death". Also, Mozilla is worthless as it cannot "connect to server". I was able to uninstall the suggested programs with ONE EXCEPTION--> Java Auto Updater as I do not "see" it among the list of programs. I get "pop-up's" that give me error messages. EXAMPLES: "Module to process WiFi messages has stopped working . Windows will close the program." EXAMPLE 2: "Catalyst Control Centre Host Application has stopped working. Windows will close the program and notify you if a solution is available." These pop-up error messages occur at start-up and repeatedly pop up. I have this funky browser "33 Search Engines" and was not able to open that in normal operating mode only in SAFE mode.

OTL logfile created on: 11/17/2012 5:58:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Suska\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 79.38% Memory free
7.68 Gb Paging File | 7.03 Gb Available in Paging File | 91.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.24 Gb Total Space | 177.77 Gb Free Space | 61.89% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.84 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: SUSKA-PC | User Name: Suska | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/17 17:54:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Suska\Downloads\OTL (1).exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/05/08 16:13:28 | 000,874,496 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/04/15 12:18:44 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 14:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/10/10 02:47:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/26 16:26:56 | 000,341,328 | ---- | M] () [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/05/08 19:02:12 | 004,262,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/04/28 03:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/27 13:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/04/15 12:19:56 | 000,453,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/11 11:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/24 07:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 20:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 20:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 05:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/09 20:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {082B798D-EF31-4888-8363-E0D7501C3275}
IE:64bit: - HKLM\..\SearchScopes\{082B798D-EF31-4888-8363-E0D7501C3275}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE:64bit: - HKLM\..\SearchScopes\{504A59D3-15A3-4724-AAE1-6F7AF7651835}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {082B798D-EF31-4888-8363-E0D7501C3275}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{082B798D-EF31-4888-8363-E0D7501C3275}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{504A59D3-15A3-4724-AAE1-6F7AF7651835}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.33searchengines.com/?opts=yes&hp=92
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\SearchScopes,DefaultScope = {082B798D-EF31-4888-8363-E0D7501C3275}
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\SearchScopes\{082B798D-EF31-4888-8363-E0D7501C3275}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\SearchScopes\{504A59D3-15A3-4724-AAE1-6F7AF7651835}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {BE7CA65E-E313-457C-A96D-21A4812C2683}:1.9.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Suska\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/14 19:10:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BE7CA65E-E313-457C-A96D-21A4812C2683}: C:\Users\Suska\AppData\Local\{BE7CA65E-E313-457C-A96D-21A4812C2683}\ [2011/12/08 00:56:51 | 000,000,000 | ---D | M]

[2011/04/03 21:50:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Suska\AppData\Roaming\Mozilla\Extensions
[2012/11/14 22:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suska\AppData\Roaming\Mozilla\Firefox\Profiles\rwdof8pi.default\extensions
[2012/06/19 18:10:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Suska\AppData\Roaming\Mozilla\Firefox\Profiles\rwdof8pi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/15 21:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/08 00:56:51 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SUSKA\APPDATA\LOCAL\{BE7CA65E-E313-457C-A96D-21A4812C2683}
[2009/09/04 02:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/06 21:26:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Suska\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Suska\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Suska\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000..\Run: [1336253764] C:\Users\Suska\AppData\Local\Temp\tmph3630922692156204336.tmp File not found
O4 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000..\Run: [cftmon] C:\Users\Suska\AppData\Roaming\zmxqc.exe File not found
O4 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Suska\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Suska\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB244765-CDC9-469F-AB75-8073BB01A8C1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-919466413-2021914507-2831054707-1000\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 17:16:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/11/15 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/11/15 22:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/15 22:43:12 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/11/15 20:56:21 | 000,000,000 | ---D | C] -- C:\Users\Suska\Desktop\microsft security
[2012/11/14 22:02:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 22:02:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/14 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\Suska\Desktop\DDS TXT
[2012/11/14 19:32:16 | 000,000,000 | ---D | C] -- C:\bb6602fa9454de0e9c5101a6
[2012/11/14 19:24:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/14 19:24:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/14 19:24:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/14 19:24:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/14 19:24:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/14 19:24:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/14 19:24:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/14 19:24:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/14 19:24:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/14 19:24:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/14 19:24:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/14 19:24:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/14 19:24:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/14 19:24:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/14 19:24:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/08 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\Suska\Desktop\cheer
[2012/10/26 22:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox(69)
[2012/10/23 18:13:42 | 000,000,000 | ---D | C] -- C:\Users\Suska\Desktop\samsung fotos
[2011/10/16 09:29:15 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Suska\taskmgr.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/17 17:15:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/17 16:59:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/17 16:46:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/17 16:00:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/17 03:06:12 | 000,735,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/17 03:06:12 | 000,616,920 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/17 03:06:12 | 000,108,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/17 03:00:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 03:00:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 23:03:50 | 000,000,273 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/11/16 23:01:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/11/16 21:43:31 | 580,449,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/15 23:44:01 | 000,415,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/15 22:46:01 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/15 03:05:05 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/14 19:40:35 | 000,031,232 | ---- | M] () -- C:\Users\Suska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/12 16:10:45 | 000,008,420 | ---- | M] () -- C:\Users\Suska\AppData\Local\d3d9caps64.dat
[2012/10/31 13:51:06 | 1176,881,238 | ---- | M] () -- C:\Users\Suska\Desktop\Brave.2012.R5.DVDRip.XViD.LiNE-UNiQUE.avi
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 22:46:01 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/15 22:45:34 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/11 15:45:04 | 1176,881,238 | ---- | C] () -- C:\Users\Suska\Desktop\Brave.2012.R5.DVDRip.XViD.LiNE-UNiQUE.avi
[2012/04/08 09:00:59 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/13 22:36:16 | 000,000,086 | -HS- | C] () -- C:\Users\Suska\AppData\Roaming\winset.ini
[2011/12/23 22:28:43 | 000,009,420 | -HS- | C] () -- C:\Users\Suska\AppData\Local\xkxqmv2b0hgj3vuq3tfr5c448t1j
[2011/12/23 22:28:43 | 000,009,420 | -HS- | C] () -- C:\ProgramData\xkxqmv2b0hgj3vuq3tfr5c448t1j
[2011/12/22 20:45:42 | 000,010,444 | -HS- | C] () -- C:\Users\Suska\AppData\Local\25q4s702b6yah8u66c2si
[2011/12/22 20:45:42 | 000,010,444 | -HS- | C] () -- C:\ProgramData\25q4s702b6yah8u66c2si
[2011/12/21 21:40:20 | 000,009,336 | -HS- | C] () -- C:\Users\Suska\AppData\Local\cqmio4uw22dg285lq553ru4x31s6g
[2011/12/21 21:40:20 | 000,009,336 | -HS- | C] () -- C:\ProgramData\cqmio4uw22dg285lq553ru4x31s6g
[2011/12/20 22:14:28 | 000,002,588 | -HS- | C] () -- C:\Users\Suska\AppData\Local\dmyib3jr58pr237op308dq2c28y2k
[2011/12/20 22:14:28 | 000,002,588 | -HS- | C] () -- C:\ProgramData\dmyib3jr58pr237op308dq2c28y2k
[2011/12/08 00:21:37 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~yZLwXpqKnpW3Ejr
[2011/12/08 00:21:36 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~yZLwXpqKnpW3Ej
[2011/12/08 00:21:32 | 000,000,432 | -H-- | C] () -- C:\ProgramData\yZLwXpqKnpW3Ej
[2011/10/22 08:46:56 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/22 08:46:54 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/22 08:46:29 | 000,000,456 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/22 08:26:16 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/22 08:26:14 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/22 08:22:38 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/15 09:16:20 | 000,000,850 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/15 09:16:20 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/15 09:14:50 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/15 09:12:04 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/10/15 09:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/22 22:54:09 | 000,000,120 | -H-- | C] () -- C:\Users\Suska\AppData\Local\Ukowuheseh.dat
[2011/07/22 22:54:09 | 000,000,000 | -H-- | C] () -- C:\Users\Suska\AppData\Local\Oxowap.bin
[2011/07/22 21:21:18 | 000,009,762 | -HS- | C] () -- C:\Users\Suska\AppData\Local\3phlgvsixs8l2p
[2011/07/22 21:21:18 | 000,009,762 | -HS- | C] () -- C:\ProgramData\3phlgvsixs8l2p
[2011/07/11 17:58:58 | 000,009,904 | -HS- | C] () -- C:\Users\Suska\AppData\Local\nepw04s2t4635682is3t082s54a7qxf5ye5l5330
[2011/07/11 17:58:58 | 000,009,904 | -HS- | C] () -- C:\ProgramData\nepw04s2t4635682is3t082s54a7qxf5ye5l5330
[2011/06/27 00:12:51 | 000,000,000 | -H-- | C] () -- C:\Users\Suska\AppData\Roaming\wklnhst.dat
[2011/06/25 07:19:34 | 000,009,496 | -HS- | C] () -- C:\Users\Suska\AppData\Local\m58vm1e58reu
[2011/06/25 07:19:34 | 000,009,496 | -HS- | C] () -- C:\ProgramData\m58vm1e58reu
[2011/06/23 23:41:06 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\3893088.exe
[2011/06/23 23:41:05 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\6981557.exe
[2011/06/23 23:41:05 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\1167615.exe
[2011/06/23 23:41:04 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\7922698.exe
[2011/06/23 23:25:30 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\7676967.exe
[2011/06/23 23:25:29 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\459808.exe
[2011/06/23 23:25:29 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\3384708.exe
[2011/06/23 23:25:28 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\2185836.exe
[2011/06/23 23:06:38 | 000,010,940 | -HS- | C] () -- C:\Users\Suska\AppData\Local\b152qo8i3trbh7o3mjrgp68q705
[2011/06/23 23:06:38 | 000,010,940 | -HS- | C] () -- C:\ProgramData\b152qo8i3trbh7o3mjrgp68q705
[2011/06/23 22:56:30 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\6501743.exe
[2011/06/23 22:56:29 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\5290671.exe
[2011/06/23 22:56:29 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\1587598.exe
[2011/06/23 22:56:28 | 000,000,000 | ---- | C] () -- C:\Users\Suska\AppData\Roaming\4098464.exe
[2011/06/22 22:31:41 | 000,001,876 | -H-- | C] () -- C:\Users\Suska\AppData\Roaming\1.gif
[2011/06/22 22:31:39 | 000,000,011 | -H-- | C] () -- C:\Users\Suska\AppData\Roaming\ct_start
[2011/06/18 07:56:52 | 000,009,472 | -HS- | C] () -- C:\Users\Suska\AppData\Local\u4i5f74m36nn0agpvkg1
[2011/06/18 07:56:52 | 000,009,472 | -HS- | C] () -- C:\ProgramData\u4i5f74m36nn0agpvkg1
[2011/06/13 21:41:42 | 000,009,986 | -HS- | C] () -- C:\Users\Suska\AppData\Local\0unryb7xj2n40hddcwv086j5f6f4q30g08j6n
[2011/06/13 21:41:42 | 000,009,986 | -HS- | C] () -- C:\ProgramData\0unryb7xj2n40hddcwv086j5f6f4q30g08j6n
[2011/06/03 21:37:49 | 000,010,988 | -HS- | C] () -- C:\Users\Suska\AppData\Local\3o6j52b777621wbsaa
[2011/06/03 21:37:49 | 000,010,988 | -HS- | C] () -- C:\ProgramData\3o6j52b777621wbsaa
[2011/05/28 22:39:05 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~47243000
[2011/05/28 22:38:55 | 000,000,336 | -H-- | C] () -- C:\ProgramData\47243000
[2011/05/22 00:17:27 | 000,008,420 | ---- | C] () -- C:\Users\Suska\AppData\Local\d3d9caps64.dat
[2011/05/22 00:10:55 | 000,010,920 | -HS- | C] () -- C:\Users\Suska\AppData\Local\i80451yt40iko2ugi
[2011/05/22 00:10:55 | 000,010,920 | -HS- | C] () -- C:\ProgramData\i80451yt40iko2ugi
[2011/05/22 00:10:19 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~45670136r
[2011/05/22 00:10:18 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~45670136
[2011/05/22 00:10:10 | 000,000,344 | -H-- | C] () -- C:\ProgramData\45670136
[2010/03/03 22:46:40 | 000,024,226 | -H-- | C] () -- C:\Users\Suska\AppData\Roaming\UserTile.png
[2010/01/03 14:18:27 | 000,031,232 | ---- | C] () -- C:\Users\Suska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 15:06:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/23 05:54:43 | 000,007,620 | ---- | C] () -- C:\Users\Suska\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/13 10:36:04 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/07 20:41:04 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\d6ssWL8qYwUrt1v
[2012/06/19 18:10:25 | 000,000,000 | ---D | M] -- C:\Users\Suska\AppData\Roaming\DVDVideoSoft
[2012/06/19 18:10:08 | 000,000,000 | ---D | M] -- C:\Users\Suska\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/07 20:40:51 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\lQ77EKghXUez
[2011/02/02 17:49:27 | 000,000,000 | ---D | M] -- C:\Users\Suska\AppData\Roaming\OpenOffice.org
[2012/04/08 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Suska\AppData\Roaming\PC-FAX TX
[2010/03/03 22:46:39 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\PeerNetworking
[2011/05/01 13:57:30 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\Sammsoft
[2011/06/27 00:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\Template
[2011/02/02 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\Suska\AppData\Roaming\Thinstall
[2011/10/07 20:52:16 | 000,000,000 | -H-D | M] -- C:\Users\Suska\AppData\Roaming\v00uuvS2ib3pG5Q

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >




OTL Extras logfile created on: 11/17/2012 5:58:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Suska\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 79.38% Memory free
7.68 Gb Paging File | 7.03 Gb Available in Paging File | 91.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.24 Gb Total Space | 177.77 Gb Free Space | 61.89% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.84 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: SUSKA-PC | User Name: Suska | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-919466413-2021914507-2831054707-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 6F B5 F5 53 0A 0B CD 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23BE710F-106D-4D05-A032-0AA1410B8EF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B839D82-3F18-4B38-A597-530B1484A856}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C2BF2AB-4AEF-4EA9-AEDD-E7A0795C293F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77BC28D8-9E29-4BD1-A448-1E308CC493B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{808FEE97-E1BE-4AC6-B91D-78EB21E936A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{82E52775-D5AC-46C2-A7FA-28C643513E58}" = lport=137 | protocol=17 | dir=in | app=system |
"{88707B09-043E-4333-A302-82C179ADC675}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A8E268A4-AC4B-44E5-BCD4-8847BC09A653}" = rport=139 | protocol=6 | dir=out | app=system |
"{AEB31CD6-6E23-4972-BED7-8E89217E5958}" = lport=138 | protocol=17 | dir=in | app=system |
"{B955C2C8-4650-4DBF-A304-89B1B30EA0C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{CBBFB9D0-054D-464F-AE50-52929BC47F15}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7F585F3-3AEA-4F4B-8189-FB7368A66BD0}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{DF5512BD-6C0D-4439-8B7D-6E1D3E4FCAD0}" = rport=445 | protocol=6 | dir=out | app=system |
"{E32B43CB-C595-44B8-B697-A14049014772}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E3F021A1-3E8B-4CD4-8346-E0AC6B320A52}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F0E132F1-9970-46EC-9807-5AF1A77D5A1C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F7322E4C-0C40-43BD-8181-810B32E47C6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC3229E8-2B74-4C2C-A6D2-9CF41225C6D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{FE6DFF5F-B8D3-4223-BB32-23E41C4E4C50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D35FFA-6003-4A7B-8119-C8D520262441}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{04EE56F0-2E65-4593-B389-EA1E289BCE03}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10F5EDBE-68E5-45CA-A1D8-33D50B4E164B}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{1529514B-173B-48E9-A0AB-2967F7C58521}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{2AEDE045-FECA-429E-BCB2-9C7A21977F12}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{32B7E0D0-2A98-4DFB-BA04-8ACE128B5C3B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47A15724-C4E3-467B-B2AF-16A80011CAD6}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{571ABEBD-59D2-46EA-91B6-3C3F6C2B68FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
"{8831D651-D4BC-4D4C-890A-4D4956B82A71}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9435543C-D29E-4020-9FAC-EA9314F2B793}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{972C1640-5E72-4489-A785-FBCE37DCED9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9904CF86-8424-409E-90AE-CDC276EFA05D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A5F0DAA5-4827-4C48-BD26-74C5647949ED}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10c\faxrx.exe |
"{A87D0E88-4BE2-4516-BF68-FF9B179C1684}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{ABA99E3F-0C7F-4C34-93DA-DA16A0534FC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B1CD1147-F5CE-4D05-BC79-91E8069611D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
"{B823A97B-3794-41A1-A5F4-497BB9C6DF81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C7E3680D-5FF3-4355-9715-5B395D6B430C}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10c\faxrx.exe |
"{E5C5D8D6-F190-425B-9DF9-EF12D7115BC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0279CAA4-7529-433A-AC5C-50C76743C34C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{0F4696A5-6A3A-456E-AF25-E01F6273A4BF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{16757DAB-197F-4D6F-B6FF-CBAB435406B6}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{12A8DEB1-A658-4DC4-A3D9-BDF0199E5871}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{C58BD239-1859-4448-9C93-338E88527FB4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CD0702EA-0784-433E-AB1B-579FA84ED017}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7401FCC8-5B1A-394B-F8AF-E5F01561FBB8}" = ccc-utility64
"{7A0D5844-6ED1-26E5-A646-C2D2867EDADC}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B10898-0693-5E45-8C0B-CB4B0C2CB5C9}" = CCC Help Spanish
"{01E71682-7A62-31B6-2E19-82C4C2C410C3}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05F5ADF7-B9BF-E5AC-FDA4-C412C150763F}" = Catalyst Control Center Localization Greek
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0892BA56-B55A-EA45-74A7-C728BEFCEE4A}" = Catalyst Control Center Localization Norwegian
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0BCE001B-D952-7242-1378-6B3188B7CDB6}" = Catalyst Control Center Localization Swedish
"{111CE1DA-F2B6-B449-8BDC-BFA807EEF343}" = Catalyst Control Center Localization Thai
"{1550A772-F3DF-9DCA-70E4-5BA5FEDBDDEE}" = CCC Help Norwegian
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1B835521-00CB-B242-2072-DA41AE7E9F11}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{246771C5-5589-C809-90A3-95D380CAEB0C}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2ACA4FB1-A1DB-BACF-05D8-9F654ED1F6F9}" = CCC Help Danish
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{335901DF-7FC7-76E9-AEFB-3BD15D5C1B8E}" = Catalyst Control Center Localization German
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37F36B08-76D1-58D0-0B62-C873B3F1E04A}" = Catalyst Control Center Graphics Full Existing
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43519E32-0AC9-ACBF-0AC9-000CEDEBCAFB}" = CCC Help Russian
"{440EE84D-A37A-E283-D538-0A4E94AC6243}" = Catalyst Control Center Localization Dutch
"{456B2B42-C082-8B6F-923C-2C8920ECF559}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{48382386-BA53-3B91-668C-DE3F4969C00C}" = ccc-core-static
"{49521D72-2856-C7B9-F54E-26B116606B0D}" = Catalyst Control Center Localization Hungarian
"{50C5DCCD-C82F-3D45-AAC8-1E094717FF9B}" = CCC Help Czech
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54F98E59-AC27-F6D6-8DF3-29E38BB1AFF9}" = Catalyst Control Center Localization Korean
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57921C23-454B-1B45-6C32-B1A8BFC76875}" = Catalyst Control Center Localization French
"{5C9B4046-4B37-3595-7BAF-1FFF58F2BA88}" = Catalyst Control Center Core Implementation
"{61C2601F-D1F4-6CC3-858B-80A54A1C1360}" = CCC Help Greek
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E25BE3B-8E16-3A78-2BA7-1482A2D4743F}" = CCC Help English
"{6F26A541-E756-4C24-A36B-EFD3C6217EAF}" = CCC Help German
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7491471D-DA69-6E11-623D-F3BCAF65F922}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F82D79D-81EF-DC6C-69FF-A45C282B1986}" = CCC Help Swedish
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
"{81ACE059-6894-21DE-E3AB-E8D6AF38B5C4}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8572742E-08EA-FCEF-458A-4CE90851E804}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8702D4FD-296D-405C-9C73-E6023A3EB98E}" = Analyst's TurtleFarm 1.0.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F0CFF10-034C-EE7E-3B2D-8C7F117BB3A6}" = Catalyst Control Center Localization Finnish
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9075DF27-7C34-D2D5-4E66-970E0E99E320}" = Catalyst Control Center Graphics Light
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9858B284-0ACC-3EB1-BBF7-B0D1A5D0C2FD}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A85A260-CC99-8DA9-0D03-60C12BE82189}" = CCC Help Polish
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6C29FF-850B-9425-7B34-B21526874121}" = Catalyst Control Center Graphics Previews Vista
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9EBF6795-816C-06EB-BF29-06317FD5A730}" = Catalyst Control Center Localization Chinese Standard
"{9F2D3FB4-895E-A9F2-5B3A-118EDCE4E409}" = CCC Help Chinese Traditional
"{A2F6EEA0-DBCD-2389-BA8D-9A16DB60FAD8}" = Catalyst Control Center Graphics Full New
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5737DB-03C3-1526-F31E-D45A588D8459}" = Catalyst Control Center Localization Japanese
"{ADBFC909-D682-10E2-43C6-790F25FA3296}" = CCC Help Finnish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5DA1D7B-9494-A847-F185-EE4B8C48D905}" = CCC Help Hungarian
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BD2CC796-A584-9399-098A-2C2F291ABD1A}" = Catalyst Control Center Localization Spanish
"{C05A2E05-73A2-2672-7B82-59F3932AF6AD}" = CCC Help Thai
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D5E7-761D-817F-DBF2-1E77E20121BB}" = CCC Help Portuguese
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C39B346D-1E0D-CB23-CAC5-78CD5CBB495A}" = Catalyst Control Center Localization Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E794F3-2EAC-CA94-79ED-1E3E3267F40B}" = CCC Help Chinese Standard
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9690E1F-06A0-559B-37D2-B573DA95CA54}" = Catalyst Control Center Localization Danish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CF217146-C889-3CB8-1490-07DA0DDB1318}" = CCC Help French
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D68147A7-E42F-DA4B-209A-38CCC53702EC}" = Catalyst Control Center Localization Chinese Traditional
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7D7E6EA-2B25-ABB1-0F4A-F39764C2D15B}" = Skins
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FAF0230B-8A11-8052-AFC9-5DB998020FD5}" = Catalyst Control Center Localization Polish
"{FC7C3B82-C7CB-125A-23FE-EE268799F5E3}" = Catalyst Control Center Localization Turkish
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-919466413-2021914507-2831054707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2012 5:51:52 AM | Computer Name = Suska-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2012 5:55:27 AM | Computer Name = Suska-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 3/27/2012 5:55:28 AM | Computer Name = Suska-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 3/27/2012 5:55:29 AM | Computer Name = Suska-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 3/27/2012 8:29:13 PM | Computer Name = Suska-PC | Source = Application Error | ID = 1000
Description = Faulting application ie4uinit.exe, version 9.0.8112.16421, time stamp
0x4d762546, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7476a57d, process id 0xfc8, application start time
0x01cd0c79cc398430.

Error - 3/27/2012 8:31:49 PM | Computer Name = Suska-PC | Source = BackItUp5 | ID = 5225
Description =

Error - 3/27/2012 8:32:39 PM | Computer Name = Suska-PC | Source = Application Error | ID = 1000
Description = Faulting application zmxqc.exe, version 7.6.0.7, time stamp 0x4f587bfc,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x7476a57d, process id 0x10d4, application start time 0x01cd0c7a33d394a0.

Error - 3/28/2012 4:04:26 AM | Computer Name = Suska-PC | Source = Application Error | ID = 1000
Description = Faulting application unlodctr.exe, version 6.0.6001.18000, time stamp
0x47918b8f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x7476a57d, process id 0x1714, application start time
0x01cd0cb963daf730.

Error - 3/28/2012 4:14:06 AM | Computer Name = Suska-PC | Source = Application Error | ID = 1000
Description = Faulting application NDP35SP1-KB2657424-x64.exe, version 9.0.30729.3678,
time stamp 0x429de67b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x7476a57d, process id 0x1618, application
start time 0x01cd0cbab8434880.

Error - 3/28/2012 4:32:41 AM | Computer Name = Suska-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/1/2010 8:23:35 PM | Computer Name = Suska-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/17/2012 7:15:58 PM | Computer Name = Suska-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:52:35 PM on 11/17/2012 was unexpected.

Error - 11/17/2012 7:16:26 PM | Computer Name = Suska-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11/17/2012 7:17:12 PM | Computer Name = Suska-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/17/2012 7:17:12 PM | Computer Name = Suska-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/17/2012 7:49:03 PM | Computer Name = Suska-PC | Source = DCOM | ID = 10005
Description =

Error - 11/17/2012 7:49:12 PM | Computer Name = Suska-PC | Source = DCOM | ID = 10005
Description =

Error - 11/17/2012 7:49:16 PM | Computer Name = Suska-PC | Source = DCOM | ID = 10005
Description =

Error - 11/17/2012 7:49:53 PM | Computer Name = Suska-PC | Source = DCOM | ID = 10005
Description =

Error - 11/17/2012 7:49:53 PM | Computer Name = Suska-PC | Source = DCOM | ID = 10005
Description =

Error - 11/17/2012 7:53:25 PM | Computer Name = Suska-PC | Source = DCOM | ID = 10005
Description =


< End of report >
Sinnamon
Active Member
 
Posts: 12
Joined: November 14th, 2012, 10:18 pm

Re: HELP! Malware Bytes!

Unread postby askey127 » November 18th, 2012, 8:15 am

Sinnamon
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".

--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HELP! Malware Bytes!

Unread postby Sinnamon » November 18th, 2012, 5:11 pm

Before I begin....Thank You, askey127 for your help and guidance. It has been and is, very much appreciated!

I struggled all day to run RogueKiller. Downloading it was not a problem but everytime I ran it it would go about 80% to completion and then stop unexpectedly whereupon I would an error message. I tried it multiple times and also renamed it twice and got the same results each time. So I ran TDSSKiller successfully and removed one item / threat. Then I ran RogueKiller again, this time successfully. I am able to post the results of RogueKiller but I am puzzled as to how to post TDSS....I have various items in my C drive under the title "TDSSKiller_Quarentine" one file is named 18.11.2012_14.32.39 that has a subfolder named mbr0000 which has a subfolder named mbr0000 which has a subfolder named tdlfs0000. I tried to copy and paste the contents of these folders and I am able to "Copy" but I do not have the option to "Paste" so I am unsure as to what I am supposed to copy and paste for results of the TDSS scan.

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Suska [Admin rights]
Mode : Scan -- Date : 11/18/2012 14:50:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : 1336253764 (C:\Users\Suska\AppData\Local\Temp\tmph3630922692156204336.tmp) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : cftmon (C:\Users\Suska\AppData\Roaming\zmxqc.exe) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-919466413-2021914507-2831054707-1000[...]\Run : 1336253764 (C:\Users\Suska\AppData\Local\Temp\tmph3630922692156204336.tmp) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-919466413-2021914507-2831054707-1000[...]\Run : cftmon (C:\Users\Suska\AppData\Roaming\zmxqc.exe) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELLSPWN] HKCU\[...]\command : ("%1" %*) -> FOUND
[SHELLSPWN] HKUS\S-1-5-21-919466413-2021914507-2831054707-1000[...]\command : ("%1" %*) -> FOUND
[SHELLSPWN] HKCR\[...]\command : ("%1" %*) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Suska\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Suska\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] bc05cb0507fe5be6d903fbcee843d35a
[BSP] 09dcba3c1ae844e244e16926e245f787 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294134 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602388480 | Size: 11107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11182012_02d1450.txt >>
RKreport[1]_S_11182012_02d1450.txt
Sinnamon
Active Member
 
Posts: 12
Joined: November 14th, 2012, 10:18 pm

Re: HELP! Malware Bytes!

Unread postby Sinnamon » November 18th, 2012, 5:18 pm

found it....TDSSKiller log

14:45:09.0992 3860 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:45:11.0040 3860 ============================================================
14:45:11.0040 3860 Current date / time: 2012/11/18 14:45:11.0040
14:45:11.0040 3860 SystemInfo:
14:45:11.0041 3860
14:45:11.0041 3860 OS Version: 6.0.6002 ServicePack: 2.0
14:45:11.0041 3860 Product type: Workstation
14:45:11.0041 3860 ComputerName: SUSKA-PC
14:45:11.0108 3860 UserName: Suska
14:45:11.0108 3860 Windows directory: C:\Windows
14:45:11.0108 3860 System windows directory: C:\Windows
14:45:11.0108 3860 Running under WOW64
14:45:11.0108 3860 Processor architecture: Intel x64
14:45:11.0108 3860 Number of processors: 2
14:45:11.0108 3860 Page size: 0x1000
14:45:11.0108 3860 Boot type: Normal boot
14:45:11.0108 3860 ============================================================
14:45:17.0607 3860 BG loaded
14:45:18.0391 3860 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:45:18.0458 3860 ============================================================
14:45:18.0496 3860 \Device\Harddisk0\DR0:
14:45:18.0503 3860 MBR partitions:
14:45:18.0503 3860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E7B7C1
14:45:18.0503 3860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E7B800, BlocksNum 0x15B1800
14:45:18.0503 3860 ============================================================
14:45:18.0631 3860 C: <-> \Device\Harddisk0\DR0\Partition1
14:45:18.0821 3860 D: <-> \Device\Harddisk0\DR0\Partition2
14:45:18.0821 3860 ============================================================
14:45:18.0821 3860 Initialize success
14:45:18.0821 3860 ============================================================
14:45:44.0603 3824 Deinitialize success
Sinnamon
Active Member
 
Posts: 12
Joined: November 14th, 2012, 10:18 pm

Re: HELP! Malware Bytes!

Unread postby askey127 » November 19th, 2012, 12:07 pm

Sinnamon,
-------------------------------------------------
Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Delete button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the new checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HELP! Malware Bytes!

Unread postby Sinnamon » November 19th, 2012, 10:37 pm

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Suska [Admin rights]
Mode : Remove -- Date : 11/19/2012 19:52:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : 1336253764 (C:\Users\Suska\AppData\Local\Temp\tmph3630922692156204336.tmp) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : cftmon (C:\Users\Suska\AppData\Roaming\zmxqc.exe) -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELLSPWN] HKCU\[...]\command : ("%1" %*) -> REPLACED ("%1" %*)

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] ROOT : C:\Users\Suska\AppData\Roaming\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Suska\AppData\Roaming\Adobe\shed --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] bc05cb0507fe5be6d903fbcee843d35a
[BSP] 09dcba3c1ae844e244e16926e245f787 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294134 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602388480 | Size: 11107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_11192012_02d1952.txt >>
RKreport[1]_S_11182012_02d1450.txt ; RKreport[2]_S_11192012_02d1952.txt ; RKreport[3]_D_11192012_02d1952.txt


The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1956 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
44497 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

301194208 KB total disk space.
124902412 KB in 199845 files.
130984 KB in 44498 indexes.
0 KB in bad sectors.
370800 KB in use by the system.
4096 KB occupied by the log file.
175790012 KB available on disk.

4096 bytes in each allocation unit.
75298552 total allocation units on disk.
43947503 allocation units available on disk.

!!!!!!!!!!!!!!!!!!!!!!!! again~ thank you, askey127 for your time and your advice and direction is much appreciated!
Sinnamon
Active Member
 
Posts: 12
Joined: November 14th, 2012, 10:18 pm

Re: HELP! Malware Bytes!

Unread postby askey127 » November 20th, 2012, 8:17 am

Sinnamon,
-----------------------------------------------------------
Hard Disk Repair
ChkDsk needs to run a different sequence upon reboot to do repairs. It can't repair the file system while Windows is running.
DO NOT START THIS SEQUENCE UNLESS YOU CAN DO WITHOUT THE MACHINE FOR AN HOUR OR TWO. It may not take very long , but could, depending on the number of files and folders.
It will not relinquish control until it is done. You cannot stop it, and it would be a BIG mistake to pull the plug.

  1. Open Notepad... then copy and paste the following into Notepad:
    Code: Select all
    cmd  /c  chkdsk  c:  /F  /R
  2. Now Save the NotePad file like this:
    • Click on File from the top menu bar.
    • Select Save As, use Filename: fixhd.bat. and Save As Type: All Files.
    • Choose Desktop as the location
    • Click Save.
  3. Right click on fixhd.bat on your desktop and select Run As Administrator to run it.
  4. You will get a message that the volume is locked, with a request to do the repair on Reboot. Answer Y
  5. Click Continue at the UAC prompt.
Go to Start, Turn Off Computer and choose Reboot
It will scan again when it boots up and make the repairs as the first part of the reboot process.
-----------------------------------------------------------
Check Hard Disk For Errors

Once the computer boots up again, please delete your original file Checkhd.txt If it's present on your Desktop.

Right click on testhd.bat on your desktop and select Run As Administrator to run it.
Click Continue at the UAC prompt.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the new checkhd.txt file from your desktop.
If it's very long, just post the last 30-50 lines.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HELP! Malware Bytes!

Unread postby Sinnamon » November 21st, 2012, 2:06 am

checkhd.txt

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1955 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
44502 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

301194208 KB total disk space.
130189848 KB in 199865 files.
130992 KB in 44503 indexes.
4 KB in bad sectors.
368236 KB in use by the system.
4096 KB occupied by the log file.
170505128 KB available on disk.

4096 bytes in each allocation unit.
75298552 total allocation units on disk.
42626282 allocation units available on disk.
Sinnamon
Active Member
 
Posts: 12
Joined: November 14th, 2012, 10:18 pm

Re: HELP! Malware Bytes!

Unread postby askey127 » November 21st, 2012, 7:51 am

Sinnamon,
If your system now runs without problems, you may be OK, or maybe not.
If your system runs, but still blue screens or displays other peculiar behavior, you may be experiencing the early signs of a Hard drive failure.

In any case, you need to back up every important document or other data to a separate storage device -external hard drive, flash, CD, DVD etc.
This should be your first priority.


You can check the Hard Drive any time by first deleting the old results file checkhd.txt from your desktop, then running testhd.bat again.
If you get any more lines in the report indicating a problem with the file system, you can be quite sure you need a replacement hard drive.
The 4kb in bad sectors in the report will not go away, and has been "marked" by CHKDSK.
Once Hard Drives start to fail, they can go to "unbootable" very quickly
Check for lines like this:
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
Reports of any Bitmap errors are usually not critical.

If you see signs of changes in the hard drive report, you will need to get a replacement hard drive quickly, and replace it yourself, or take it to a repair shop while the old drive is still (mostly) readable.

Tell me how it's running, but back up your data first.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HELP! Malware Bytes!

Unread postby askey127 » November 26th, 2012, 8:39 am

Since a permanent solution to this problem will likely require replacement hardware, this thread will be closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware