Jump to content

Malwarebytes

unable to clean 2 files

- - - - -
Started by martinezgene, Sep 04 2012 01:21 AM


22 replies to this topic

#1
martinezgene
Posted 04 September 2012 - 01:21 AM

    New Member

  • Members
  • Pip
  • 14 posts
The following 2 keep showing on the malware scan after I ran and cleaned the files. Please help me fix this.
Thanks in advance

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\GeneSr\AppData\Roaming\log (Stolen.Data) -> Quarantined and deleted successfully.



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by GeneSr at 1:03:15 on 2012-09-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2490 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\StkASv2K.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe
C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=F4DDF5C4AAEC7723D2A57A4FE444835C&tbp=homepage
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [appmanager] C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0}\054616E456470284F6473507F647 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0}\251434B4F444F4F444C454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0}\E45445745414258303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0}\F66666438346F677E6 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0}\F6666643835707 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A5BF26D-8AE7-4951-BB9E-4FC38F3C29F0}\F666664383D6964646C656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2DFFF89C-29C8-4A0C-8C8F-2F5C1CB90638} : DhcpNameServer = 192.168.100.254
TCP: Interfaces\{EE1678AF-CD52-4430-B69A-41F30D495264} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE1678AF-CD52-4430-B69A-41F30D495264}\445726F6B6960205F647F6B6D27657563747 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F4DDF5C4AAEC7723D2A57A4FE444835C&q=
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\GeneSr\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 pfmfs_463;pfmfs_463;C:\Windows\system32\Drivers\pfmfs_463.sys --> C:\Windows\system32\Drivers\pfmfs_463.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-9-2 913792]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-4-30 89600]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-6-24 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-29 655944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-30 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-7 1656112]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\system32\DRIVERS\cbfs3.sys --> C:\Windows\system32\DRIVERS\cbfs3.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\system32\drivers\NMgamingms.sys --> C:\Windows\system32\drivers\NMgamingms.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-5 228408]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SKLService64;Run software as Windows service;C:\Program Files (x86)\KAward64\aklservice64.exe [2012-4-21 180224]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkTMini.sys --> C:\Windows\system32\Drivers\StkTMini.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-02 15:17:00 -------- d-----w- C:\ProgramData\IObit
2012-09-02 15:16:45 -------- d-----w- C:\Users\GeneSr\AppData\Roaming\IObit
2012-09-02 15:16:41 -------- d-----w- C:\Program Files (x86)\IObit
2012-08-29 15:10:28 -------- d-----w- C:\Users\GeneSr\AppData\Roaming\Malwarebytes
2012-08-29 15:10:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-29 15:10:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-29 15:10:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-29 06:29:16 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 21:06:31 -------- d-----w- C:\Users\GeneSr\AppData\Roaming\New folder
2012-08-28 21:05:45 550272 ----a-w- C:\Users\GeneSr\AppData\Roaming\utorrent.exe
2012-08-20 08:09:39 -------- d-----w- C:\Users\GeneSr\AppData\Local\ESET
2012-08-14 23:07:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 23:07:36 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 23:07:36 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 23:07:36 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 19:49:21 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 19:49:21 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 19:49:17 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 19:49:17 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 19:49:17 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 19:49:16 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 19:49:14 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-12 00:29:37 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Professional Edition 7.5
2012-08-11 12:50:48 -------- d--h--w- C:\ProgramData\k2logs
2012-08-11 05:38:12 -------- d-----w- C:\ModMii
2012-08-07 14:17:11 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{414CDAF6-A0D7-49DE-99AD-71BC67041F60}\mpengine.dll
.
==================== Find3M ====================
.
2012-09-04 05:29:49 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-08-29 01:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-25 17:13:35 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 17:13:35 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-18 18:34:54 19032 ------w- C:\Windows\System32\pwdrvio.sys
2012-06-18 18:34:52 12384 ------w- C:\Windows\System32\pwdspio.sys
2012-06-18 18:34:50 2966720 ----a-w- C:\Windows\System32\pwNative.exe
2012-06-06 13:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
.
============= FINISH: 1:03:55.60 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2010 3:18:05 PM
System Uptime: 9/4/2012 12:29:01 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 140A
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 1178/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 214 GiB total, 41.552 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 3.045 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
G: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP432: 8/17/2012 11:20:32 PM - HPSF Restore Point
RP433: 8/25/2012 1:22:47 PM - Scheduled Checkpoint
RP434: 8/29/2012 11:40:31 AM - clean
RP435: 8/30/2012 8:17:18 PM - Installed calibre
RP436: 9/2/2012 9:52:37 AM - Installed Java™ 6 Update 35
.
==== Installed Programs ======================
.
µTorrent
abgx360 v1.0.6
Acrobat.com
Acronis True Image WD Edition
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Adobe Shockwave Player
Advanced SystemCare 5
Any Video Converter 3.3.2
Apple Application Support
Apple Software Update
calibre
Camtasia Studio 7
Canon IJ Network Scan Utility
Canon IJ Network Tool
CloneCD
ConvertXtoDVD 4.0.10.324
CyberLink DVD Suite
D3DX10
DAEMON Tools Pro
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
Digital Editions Converter
DVD Menu Pack for HP MediaSmart Video
ESU for Microsoft Windows 7
FileZilla Client 3.5.3
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP Support Assistant
HP Update
HP User Guides 0186
HP Wireless Assistant
HTC Driver Installer
HTC Sync
Hulu Desktop
iDEN Phonebook Manager
IDT Audio
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Internet TV for Windows Media Center
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 35
JDownloader 0.9
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
ManyCam 3.0.68 (remove only)
Mesh Runtime
Messenger Companion
MFC RunTime files
Microsoft Live Search Toolbar
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MiniTool Partition Wizard Professional Edition 7.5
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
Outlook2iDen
PdaNet for Android 2.42
Power2Go
PowerDirector
QLBCASL
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB2.0&PCIE Card Reader
Recovery Manager
Rosetta Stone Version 3
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
Ulead VideoStudio SE DVD
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB2.0 ATV
USB2.0 Capture Device
VLC media player 1.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/4/2012 12:29:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffffa8006b88270, 0x0000000000000000, 0x1006024001f00705). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090412-23914-01.
9/3/2012 12:00:13 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
9/3/2012 11:59:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17.
9/3/2012 10:44:53 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{defbf142-f516-11e1-abfa-705ab6a5250e} cannot be read.
9/3/2012 10:41:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.
9/2/2012 9:59:21 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/2/2012 8:28:55 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{defbf0da-f516-11e1-abfa-705ab6a5250e} cannot be read.
9/2/2012 8:25:50 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{02119667-8a06-11df-85b3-705ab6a5250e} cannot be read.
9/2/2012 8:25:48 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{02119666-8a06-11df-85b3-705ab6a5250e} cannot be read.
9/2/2012 4:56:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/2/2012 4:56:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
9/2/2012 4:38:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.
9/2/2012 4:31:36 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom10.
9/2/2012 4:29:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
9/2/2012 4:29:22 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom9.
9/2/2012 4:27:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
9/2/2012 4:27:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
9/2/2012 10:16:55 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/2/2012 1:54:58 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom7.
9/2/2012 1:53:33 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
9/2/2012 1:53:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
9/2/2012 1:36:07 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom4.
9/2/2012 1:30:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
9/2/2012 1:29:22 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom3.
9/2/2012 1:20:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
9/2/2012 1:20:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
8/30/2012 8:41:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

#2
Maurice Naggar
Posted 04 September 2012 - 08:26 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Hello matinezgene.

Before you do anything else, please make a complete backup of your system to offline media. The log indicates the disk may be having issue, which may be an indication of disk failure.
On Windows 7, type in backup and restore and select it from list. Do a backup. To an external drive.

Note: If you did not purchase Advanced System Care, un-install it.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3
Use your Internet Explorer browser to go here at Virustotal website
Click the Choose File button and then navigate to C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe, then click the Scan it button.
The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

==
Use your Internet Explorer browser to go here at VirSCAN.org website
Click the Browse button and then navigate to C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe, then click the Upload button.

Save the results, and post back here in a reply.

=

Use your Internet Explorer browser to go Threatexpert
http://www.threatexp...m/filescan.aspx
Click the Browse button and then navigate to C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe,
click the checkbox to checkmark "I agree to be bound by the Terms and Conditions"
then click the Submit button.
Save the results, and post back here in a reply.

Step 4
Your logs showed some peer-to-peer filesharing apps: µTorrent. Un-install it and confirm doing so.
Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Step 5
Download, & save & then run the MS Safety scanner
http://www.microsoft...us/default.aspx
Let me know the result.

Edited by Maurice Naggar, 04 September 2012 - 08:29 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#3
martinezgene
Posted 04 September 2012 - 11:40 AM

    New Member

  • Members
  • Pip
  • 14 posts
followed your steps and on step 3 I couldn't find the C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe file. Then on step 5 I did the scan and it found 1 threat which it allowed me to clean. I then ran the malwarebytes program and it states there is no more threats. I think the problem is solved. Is there anymore I should do. How do I really know if it is clean? Thanks for your help

#4
martinezgene
Posted 04 September 2012 - 11:42 AM

    New Member

  • Members
  • Pip
  • 14 posts
sorry forgot to ask. Can I delete the Erunt file and the backup or should it save to a folder not on desktop.

Thanks again

#5
Maurice Naggar
Posted 04 September 2012 - 11:48 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

View Postmartinezgene, on 04 September 2012 - 11:40 AM, said:

followed your steps and on step 3 I couldn't find the C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe file. Then on step 5 I did the scan and it found 1 threat which it allowed me to clean. I then ran the malwarebytes program and it states there is no more threats. I think the problem is solved. Is there anymore I should do. How do I really know if it is clean? Thanks for your help
Run Full scans with MBAM and with your antivirus program, too. If nothing detected, you are good to go.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;

  • Approve the install of the required ActiveX Control, then follow on-screen instructions;

  • Enable (check) the Remove found threats option, and run the scan.

  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)

    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break Posted ImagePosted Image

Re-enable the antivirus program.

Reply with copy of the Eset scan log

View Postmartinezgene, on 04 September 2012 - 11:42 AM, said:

sorry forgot to ask. Can I delete the Erunt file and the backup or should it save to a folder not on desktop.

Thanks again
ERUNT you should keep and use from time to time, to backup Windows registry.
They can save you in case of a future disaster.

In any event, having complete backups is your best friend.

Edited by Maurice Naggar, 04 September 2012 - 11:50 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#6
martinezgene
Posted 04 September 2012 - 06:35 PM

    New Member

  • Members
  • Pip
  • 14 posts
C:\Users\GeneSr\AppData\Roaming\utorrent.exe a variant of Win32/Injector.VZW trojan cleaned by deleting - quarantined
C:\Windows\KMSAct.exe Win32/HackKMS.A application deleted - quarantined
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined

I thought is was clean. The malwarebytes didn't find them. I hope it is clean now. I will run another scan

Thanks

#7
Maurice Naggar
Posted 05 September 2012 - 07:44 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Please follow-up with these tools.
Step 1

Download and Save McAfee Stinger to your Desktop
http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click Posted Image and select Run as Administrator.
On XP, double-click to start it.

The GUI interface will look like this
Posted Image

The C drive is the default for scanning.
Press the Preferences button. In the top right-block "On virus detection", click Rename
In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.
When done, use the File menu and select Save report to file
Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.
It is not intended as virus protection.

Step 2

Download Dr.Web CureIt to the desktop.
  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#8
martinezgene
Posted 06 September 2012 - 09:40 AM

    New Member

  • Members
  • Pip
  • 14 posts
ok, here is what I have

The stinger log

McAfee® Labs Stinger™ Version 10.2.0.777 built on Sep 5 2012
Copyright © 2012 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Sep 5 2012.
Ready to scan for 4923 viruses, trojans and variants.

Scan initiated on Wed Sep 05 20:32:12 2012
Rootkit scan result : Not Scanned


Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................3
Possibly Infected: ............0

Number of clean files: 22253

Scan initiated on Wed Sep 05 20:37:26 2012
Rootkit scan result : Not Scanned

No files scanned

Scan initiated on Wed Sep 05 20:38:33 2012
Rootkit scan result : Not Scanned


Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................3
Possibly Infected: ............0

DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)

in the quarantine folder there are 2 files here is the name of the 1st (4c07e124-33e41d60) and here is the second (descript.ion) don't know if I can send you files on this site?

There is also a CureIt notepad but there is too much info for me to copy and paste it. This site freezes when I try to paste here. Here is what is at the end of report

Scan statistics
-----------------------------------------------------------------------------
Scanned: 747927
Infected: 10
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 11 Kb/s
Scan time: 6:44:27
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 872965
Infected: 10
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 96 Kb/s
Scan time: 7:27:34
=============================================================================

Should I run again to see if the 10 infested are gone.

Thanks I really appreciate the help you are giving

#9
Maurice Naggar
Posted 06 September 2012 - 09:53 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
No, do not re-run the DrWeb tool.

Please do the following, so I can review the reports.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Right click on RSITx64.exe & select Run as Administrator to start RSITx64. And allow to run when prompted by UAC
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

~Maurice Naggar

I close my threads if there is 5 days without a response.

#10
martinezgene
Posted 06 September 2012 - 10:59 AM

    New Member

  • Members
  • Pip
  • 14 posts
I have the first done here is the log

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

running the next step now and will post results

log
Logfile of random's system information tool 1.09 (written by random/random)
Run by GeneSr at 2012-09-06 10:51:16
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 65 GB (30%) free of 219 GB
Total RAM: 3895 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:43 AM, on 9/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\GeneSr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [appmanager] C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Run software as Windows service (SKLService64) - Unknown owner - C:\Program Files (x86)\KAward64\aklservice64.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 14191 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\system32\WLANExt.exe 25845792
\??\C:\Windows\system32\conhost.exe "3308313591043555998107635558818559760151734581806-296084661587828532-198382802
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\SPLASH.SYS\config\DVMExportService.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\SysWOW64\StkASv2K.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2376
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:\Program Files\Apoint2K\Apoint.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Apoint2K\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "404752094-18573392271597626519-1509764955-1798465842924005558148406736896533022
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><ID>16925</ID><Title>HP Wireless Assistant</Title><Text>WLAN : On</Text><IconPath>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\images\wireless_on.ico</IconPath><Path>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</Path><Parameters>SHOWSTATUS</Parameters></Toast></hpNotification>"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
taskeng.exe {0F513D83-D4D7-450D-937F-CC270109B377}
"c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\GeneSr\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForGeneSr.job

=========Mozilla firefox=========

ProfilePath - C:\Users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, widevinemediatransformer@widevine:4.5.0.3485, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855, otis@digitalpersona.com:5.0.0.3790, {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F4DDF5C4AAEC7723D2A57A4FE444835C&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@unity3d.com/UnityPlayer]
"Description"=Unity Player 2.5.5b4
"Path"=C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
fcmdSrch.xml
google.xml
search.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default\extensions\
trash
widevinemediatransformer@widevine
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1889856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-05 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-12-01 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-08-28 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29 3844768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16 82784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-08-28 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16 82784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-11-09 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-11-09 390168]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-11-09 408600]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-05-14 318464]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2009-10-21 487424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-05 171520]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-06-24 2903688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"appmanager"=C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2011-06-22 395392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2012-02-24 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2011-08-17 4527424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileServe Manager Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29 1685048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-06-07 421776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-05-19 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [2012-04-20 2099064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-11-19 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-08-25 610872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2011-06-22 2637824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [2006-08-09 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
C:\PROGRA~2\MICROS~4\Office14\OFFICE~1\OFFICE~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GeneSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~4\Office12\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GeneSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE [2010-12-21 227712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GeneSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
C:\PROGRA~2\PDANET~1\PdaNetPC.exe [2010-05-28 447952]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-12-01 842816]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2010-05-20 500792]
"IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-23 206240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-10-30 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09 190480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09 190480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=MSh263.drv
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux7"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-06 10:51:17 ----D---- C:\Program Files\trend micro
2012-09-06 10:51:16 ----D---- C:\rsit
2012-09-05 20:32:17 ----A---- C:\Windows\stinger.sys
2012-09-05 20:30:48 ----D---- C:\Program Files (x86)\stinger
2012-09-04 15:50:40 ----D---- C:\Program Files (x86)\ESET
2012-09-04 10:46:45 ----D---- C:\Windows\ERDNT
2012-09-04 10:44:35 ----D---- C:\Program Files (x86)\ERUNT
2012-09-02 10:17:00 ----D---- C:\ProgramData\IObit
2012-09-02 09:53:22 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-09-02 09:53:22 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-09-02 09:53:22 ----A---- C:\Windows\SYSWOW64\java.exe
2012-08-29 10:10:28 ----D---- C:\Users\GeneSr\AppData\Roaming\Malwarebytes
2012-08-29 10:10:20 ----D---- C:\ProgramData\Malwarebytes
2012-08-29 10:10:20 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-29 10:10:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-08-14 20:04:43 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-14 20:04:42 ----A---- C:\Windows\SYSWOW64\url.dll
2012-08-14 20:04:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-08-14 20:04:42 ----A---- C:\Windows\system32\url.dll
2012-08-14 20:04:42 ----A---- C:\Windows\system32\iertutil.dll
2012-08-14 20:04:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-08-14 20:04:41 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-08-14 20:04:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-08-14 20:04:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-08-14 20:04:41 ----A---- C:\Windows\system32\urlmon.dll
2012-08-14 20:04:41 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-14 20:04:41 ----A---- C:\Windows\system32\ieui.dll
2012-08-14 20:04:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-08-14 20:04:40 ----A---- C:\Windows\system32\wininet.dll
2012-08-14 20:04:40 ----A---- C:\Windows\system32\jscript9.dll
2012-08-14 20:04:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-08-14 20:04:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-08-14 20:04:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-08-14 20:04:39 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-14 20:04:39 ----A---- C:\Windows\system32\jscript.dll
2012-08-14 20:04:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-08-14 20:04:37 ----A---- C:\Windows\system32\mshtml.dll
2012-08-14 20:04:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-08-14 20:04:36 ----A---- C:\Windows\system32\ieframe.dll
2012-08-14 18:07:36 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-08-14 18:07:36 ----A---- C:\Windows\system32\win32spl.dll
2012-08-14 18:07:36 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-14 18:07:36 ----A---- C:\Windows\splwow64.exe
2012-08-14 14:49:21 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-08-14 14:49:21 ----A---- C:\Windows\system32\srcore.dll
2012-08-14 14:49:17 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-14 14:49:17 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-14 14:49:17 ----A---- C:\Windows\system32\netapi32.dll
2012-08-14 14:49:17 ----A---- C:\Windows\system32\browser.dll
2012-08-14 14:49:17 ----A---- C:\Windows\system32\browcli.dll
2012-08-14 14:49:16 ----A---- C:\Windows\system32\win32k.sys
2012-08-14 14:49:14 ----A---- C:\Windows\system32\localspl.dll
2012-08-11 20:04:28 ----D---- C:\Users\GeneSr\AppData\Roaming\Leadertech
2012-08-11 19:29:37 ----D---- C:\Program Files (x86)\MiniTool Partition Wizard Professional Edition 7.5
2012-08-11 07:50:48 ----HD---- C:\ProgramData\k2logs
2012-08-11 00:38:12 ----D---- C:\ModMii

======List of files/folders modified in the last 1 month======

2012-09-06 10:51:29 ----D---- C:\Windows\Prefetch
2012-09-06 10:51:17 ----RD---- C:\Program Files
2012-09-06 10:51:17 ----D---- C:\Windows\Temp
2012-09-06 10:41:00 ----D---- C:\Users\GeneSr\AppData\Roaming\uTorrent
2012-09-06 10:40:56 ----AD---- C:\Windows
2012-09-06 10:37:12 ----D---- C:\Users\GeneSr\AppData\Roaming\vlc
2012-09-06 10:37:11 ----A---- C:\ProgramData\HPWALog.txt
2012-09-06 09:45:46 ----D---- C:\temp
2012-09-06 09:44:29 ----RD---- C:\Program Files (x86)
2012-09-06 08:47:47 ----HD---- C:\ProgramData
2012-09-06 08:19:42 ----D---- C:\Windows\system32\config
2012-09-06 08:11:57 ----D---- C:\Windows\System32
2012-09-06 08:11:57 ----D---- C:\Windows\inf
2012-09-06 08:11:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-06 08:07:48 ----A---- C:\Windows\SYSWOW64\log.txt
2012-09-05 20:49:59 ----D---- C:\Windows\system32\drivers
2012-09-04 23:25:30 ----D---- C:\Windows\debug
2012-09-04 11:47:53 ----SHD---- C:\System Volume Information
2012-09-04 11:28:33 ----D---- C:\Windows\system32\catroot2
2012-09-04 11:12:27 ----D---- C:\Windows\Tasks
2012-09-04 11:12:27 ----D---- C:\Windows\system32\Tasks
2012-09-04 00:34:22 ----D---- C:\Windows\Minidump
2012-09-03 21:41:55 ----HD---- C:\SPLASH.000
2012-09-02 11:13:09 ----SHD---- C:\boot
2012-09-02 10:55:56 ----D---- C:\Users\GeneSr\AppData\Roaming\Skype
2012-09-02 10:54:35 ----SHD---- C:\Windows\Installer
2012-09-02 10:54:35 ----D---- C:\ProgramData\Skype
2012-09-02 10:54:33 ----RD---- C:\Program Files (x86)\Skype
2012-09-02 10:54:33 ----D---- C:\Program Files (x86)\Common Files
2012-09-02 09:55:33 ----D---- C:\Windows\Resources
2012-09-02 09:53:22 ----D---- C:\Windows\SysWOW64
2012-09-02 09:53:21 ----D---- C:\Program Files (x86)\Java
2012-08-30 20:18:58 ----D---- C:\Program Files (x86)\Calibre2
2012-08-29 10:32:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-29 01:29:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-08-29 00:48:23 ----D---- C:\Users\GeneSr\AppData\Roaming\abgx360
2012-08-28 20:24:56 ----A---- C:\Windows\SYSWOW64\npdeployJava1.dll
2012-08-28 20:24:53 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-08-27 20:38:06 ----D---- C:\Program Files (x86)\JDownloader
2012-08-25 12:58:06 ----D---- C:\ProgramData\Adobe
2012-08-25 12:13:35 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-08-25 00:10:39 ----D---- C:\Users\GeneSr\AppData\Roaming\Vso
2012-08-20 03:09:39 ----D---- C:\ntroot
2012-08-19 23:14:27 ----HD---- C:\Windows\SYSWOW64\KAward
2012-08-19 23:13:15 ----A---- C:\Windows\SYSWOW64\4E37A837910D.ini
2012-08-17 14:12:53 ----D---- C:\ProgramData\Temp
2012-08-15 01:23:11 ----D---- C:\ProgramData\Microsoft Help
2012-08-14 20:29:05 ----D---- C:\Windows\winsxs
2012-08-14 20:26:34 ----RSD---- C:\Windows\Fonts
2012-08-14 20:26:34 ----D---- C:\Windows\SYSWOW64\migration
2012-08-14 20:26:34 ----D---- C:\Windows\system32\migration
2012-08-14 20:26:34 ----D---- C:\Program Files\Internet Explorer
2012-08-14 20:26:34 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-14 20:26:33 ----D---- C:\Windows\system32\DriverStore
2012-08-14 20:05:25 ----D---- C:\Windows\system32\catroot
2012-08-14 20:01:35 ----A---- C:\Windows\system32\MRT.exe
2012-08-11 02:25:31 ----A---- C:\Windows\system32\4E37A837910D.ini
2012-08-09 22:01:06 ----D---- C:\Program Files (x86)\iExplorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-12-09 275552]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-12-09 971360]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2011-12-09 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53); C:\Windows\system32\DRIVERS\vsflt53.sys [2011-12-09 141920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 271424]
R1 DVMIO;DVMIO; \??\C:\SPLASH.SYS\config\dvmio.sys [2009-09-27 21624]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 pfmfs_463;pfmfs_463; C:\Windows\system32\Drivers\pfmfs_463.sys [2010-07-07 249704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 124760]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-05-12 239152]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-09-05 3060800]
R3 cbfs3;EldoS Callback File System driver v3; C:\Windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-15 40648]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-10-30 7770048]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
R3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-06-24 82816]
R3 pnetmdm;PdaNet Modem; C:\Windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2009-11-12 200736]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2009-10-21 501760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-19 1394688]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-10-27 30208]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-13 11264]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-11-12 232480]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 StkAMini;Syntek STK1160; C:\Windows\System32\Drivers\StkAMini.sys []
S3 StkScan;Syntek STK1160 Still Image; C:\Windows\System32\Drivers\StkScan.sys []
S3 StkTMini;Syntek AVStream USB2.0 ATV; C:\Windows\System32\Drivers\StkTMini.sys [2007-11-15 528256]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-13 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys []
S3 UsbGps;LGE CDMA USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgx64gps.sys []
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2011-06-22 1191656]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-12-01 322624]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\SPLASH.SYS\config\DVMExportService.exe [2009-07-08 323584]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [2009-10-21 240640]
R2 StkASSrv;Syntek STK1160 Service; C:\Windows\System32\StkASv2K.exe []
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-01-07 1926448]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-06-24 42360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-12 655624]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SKLService64;Run software as Windows service; C:\Program Files (x86)\KAward64\aklservice64.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1255736]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
S4 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S4 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-06-05 250616]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#11
martinezgene
Posted 06 September 2012 - 11:00 AM

    New Member

  • Members
  • Pip
  • 14 posts
It wouldn't all fit on one post here is the rest



info.txt logfile of random's system information tool 1.09 2012-09-06 10:51:47

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Family Feud 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Medley\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Monopoly\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle Nights\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Scrabble\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Totem Tribe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Families\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Yahtzee\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
abgx360 v1.0.6-->"C:\Program Files (x86)\abgx360\uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Acronis True Image WD Edition-->MsiExec.exe /X{9B683A28-2172-4CF1-B85D-41375E80652A}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -maintain plugin
Adobe Reader 9.5.2 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}
Alps Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Any Video Converter 3.3.2-->"C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265}
Apple Mobile Device Support-->MsiExec.exe /I{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
calibre-->MsiExec.exe /I{5B079F85-A24D-4642-BF1A-32D5A6B3A003}
Camtasia Studio 7-->MsiExec.exe /I{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}
Canon IJ Network Scan Utility-->"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MX340 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series /L0x0009
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files (x86)\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files (x86)\SlySoft\CloneCD"
ConvertXtoDVD 4.0.10.324-->"C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe"
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Pro-->C:\Program Files (x86)\DAEMON Tools Pro\uninst.exe
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D7453B4F-9A57-4B46-9878-48F90223F8F7}" "1033" "0"
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Digital Editions Converter-->"C:\Program Files (x86)\PDFsvg\Digital Editions Converter\Uninstall.exe"
DigitalPersona Personal 4.11-->MsiExec.exe /I{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}
DVD Menu Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe" /z-uninstall
DVD Menu Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe" /z-uninstall /zMS
ENE CIR Receiver Driver-->C:\PROGRA~1\DIFX\3BD8E4BC84D41A4F\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_amd64_neutral_acae3f801586bfb8\enecir.inf
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
FileZilla Client 3.5.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Hewlett-Packard ACLM.NET v1.1.1.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HP 3D DriveGuard-->MsiExec.exe /X{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Internet TV-->"C:\Program Files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe" /z-uninstall
HP MediaSmart Internet TV-->"C:\Program Files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe" /z-uninstall
HP MediaSmart Live TV-->"C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall
HP MediaSmart Live TV-->"C:\Program Files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart SlingPlayer-->MsiExec.exe /I{1747DF05-6890-440B-B094-2146F5DC50E0}
HP MediaSmart SmartMenu-->MsiExec.exe /X{88E60521-1E4E-4785-B9F1-1798A4BD0C30}
HP MediaSmart Software Notebook Demo-->MsiExec.exe /X{82A213BD-B6AA-4281-A2D3-59D51893CC56}
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0009 uninst
HP QuickWeb-->MsiExec.exe /X{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9 -removeonly
HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0186-->MsiExec.exe /X{78915DBA-4FD6-4B85-AC4C-5862BB4D884F}
HP Wireless Assistant-->MsiExec.exe /X{F9A43C0C-F274-4EC0-B02E-202C15C09C00}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}
iDEN Phonebook Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{67EC0571-4B4E-40C2-8A81-8C1B02D87DB0}\Setup.exe"
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Internet TV for Windows Media Center-->MsiExec.exe /X{9D318C86-AF4C-409F-A6AC-7183FF4CF424}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}
Java™ 6 Update 15 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416015FF}
Java™ 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java™ 6 Update 35-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216033FF}
Java™ SE Development Kit 6 Update 15 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0160150}
JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}
Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 3.0.68 (remove only)-->"C:\Program Files (x86)\ManyCam\uninstall.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Live Search Toolbar-->c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\OEMSetup.exe /Uninstall
Microsoft Live Search Toolbar-->MsiExec.exe /X{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}
Microsoft Money 2007 Home & Business-->"C:\Program Files (x86)\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MiniTool Partition Wizard Professional Edition 7.5-->"C:\Program Files (x86)\MiniTool Partition Wizard Professional Edition 7.5\unins000.exe"
Movie Theme Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe" /z-uninstall
Movie Theme Pack for HP MediaSmart Video-->"C:\Program Files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe" /z-uninstall /zMS
Mozilla Firefox 15.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Premium-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Outlook2iDen-->C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\Outlook2iDen\ST6UNST.LOG"
PdaNet for Android 2.42-->"C:\Program Files (x86)\PdaNet for Android\unins000.exe"
Pismo File Mount Audit Package-->"C:\Program Files\Pismo File Mount Audit Package\pfmuninstall.exe"
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek USB2.0&PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Rosetta Stone Version 3-->MsiExec.exe /X{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}
SDFormatter-->MsiExec.exe /X{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B76D8C6D-1F13-42A7-9931-D7504CB89D6D}" "1033" "0"
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3D0733E7-4A94-4BE6-97DA-9F09A26ADE0D}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED57715B-D523-4EC9-854B-FB3E768E4349}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{87149E40-4C8B-4E16-8571-D54E9B817D0B}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{54A1B66B-F5B2-45AD-8B19-5F51A027A1B9}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1033" "0"
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0A682BA4-3C78-42C3-8DDF-EB9A6ABE5535}" "1033" "0"
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.10-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
Ulead VideoStudio SE DVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\Setup.exe" -l0x9
Unity Web Player-->C:\Program Files (x86)\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{15058154-469F-4794-ACD5-94F8420F9B80}" "1033" "0"
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{995A7832-B512-46D5-87C9-2D71FB541435}" "1033" "0"
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C06ABC7E-8923-4BB1-A7A2-197F5A3E0973}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}" "1033" "0"
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{38990592-F6A1-4A26-96C7-0600E36AE794}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"
USB2.0 ATV-->C:\Program Files (x86)\InstallShield Installation Information\{3C873221-12B9-475D-8DCB-62D0B2179AF9}\setup.exe -runfromtemp -l0x0009 -removeonly
USB2.0 ATV-->C:\Windows\StkUnist.exe
USB2.0 Capture Device-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E337B156-DF81-48D8-8977-B1574EE87BCF}\Setup.exe" -l0x9
Validity Sensors DDK-->MsiExec.exe /X{62A20ECA-920E-4052-BF77-88C78DD20FAA}
VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}
Windows Live Family Safety-->MsiExec.exe /X{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Center Add-in for Flash-->MsiExec.exe /X{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: GeneSr-PC
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\DR3 during a paging operation.
Record Number: 204450
Source Name: Disk
Time Written: 20120623014431.257560-000
Event Type: Warning
User:

Computer Name: GeneSr-PC
Event Code: 1014
Message: Name resolution for the name safebrowsing.clients.google.com timed out after none of the configured DNS servers responded.
Record Number: 204438
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120623012608.017458-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: GeneSr-PC
Event Code: 4307
Message: Initialization failed because the transport refused to open initial addresses.
Record Number: 204434
Source Name: NetBT
Time Written: 20120623012250.043135-000
Event Type: Error
User:

Computer Name: GeneSr-PC
Event Code: 1014
Message: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Record Number: 204382
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120623011305.900724-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: GeneSr-PC
Event Code: 1014
Message: Name resolution for the name urlfilter.vmn.net timed out after none of the configured DNS servers responded.
Record Number: 204357
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120623010931.662470-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: GeneSr-PC
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 368588
Source Name: Bonjour Service
Time Written: 20120503160940.000000-000
Event Type: Error
User:

Computer Name: GeneSr-PC
Event Code: 1
Message: LMS Service cannot connect to Intel® MEI driver
Record Number: 368550
Source Name: LMS
Time Written: 20120503152939.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: GENESR-PC
Event Code: 100
Message: DNS Message from 192.168.1.2:5353 to 224.0.0.251:5353 length 0 too short
Record Number: 366055
Source Name: Bonjour Service
Time Written: 20120502035312.000000-000
Event Type: Error
User:

Computer Name: GENESR-PC
Event Code: 100
Message: DNS Message from 192.168.1.2:5353 to 224.0.0.251:5353 length 0 too short
Record Number: 366054
Source Name: Bonjour Service
Time Written: 20120502035312.000000-000
Event Type: Error
User:

Computer Name: GENESR-PC
Event Code: 100
Message: DNS Message from 192.168.1.2:5353 to 224.0.0.251:5353 length 0 too short
Record Number: 366053
Source Name: Bonjour Service
Time Written: 20120502035312.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: GeneSr-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x23d6962

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 98002
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112230611.613477-000
Event Type: Audit Success
User:

Computer Name: GeneSr-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x23d6b08
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: BONI-PC
Source Network Address: 192.168.1.6
Source Port: 58906

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 98001
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112230558.313717-000
Event Type: Audit Success
User:

Computer Name: GeneSr-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x23d6962
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: BONI-PC
Source Network Address: 192.168.1.6
Source Port: 58905

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 98000
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112230557.454668-000
Event Type: Audit Success
User:

Computer Name: GeneSr-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x23d42b3

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 97999
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112230553.653450-000
Event Type: Audit Success
User:

Computer Name: GeneSr-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x23d4144

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 97998
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111112230553.628449-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Common Files\Teleca Shared;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=2502
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is everything. I hope it is good now.

#12
Maurice Naggar
Posted 06 September 2012 - 11:44 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for martinezgene only. If you are a casual viewer, do NOT try this on your system!
If you are not martinezgene and have a similar problem, do NOT post here; start your own topic


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for offline reference!

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Posted Image


Posted Image


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.


2. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=115294
KILLALL::

Suspect::[4] 
uRun: [appmanager] C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe

Driver::
appmanager

Registry:: 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"appmanager"=-

File::
C:\Users\GeneSr\AppData\Roaming\New folder\ufile.exe

Folder::
C:\Users\GeneSr\AppData\Roaming\New folder

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:
Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe

When CF finishes running, it pops out with the CF log and this message box:
Posted Image


Clicking OK will begin the auto-upload of the zipped file.
Posted Image


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message

Quote

Illegal operation attempted on registry key that has been marked for deletion
....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed. :excl:

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

RE-Enable your antivirus program when all done :excl:

Edited by Maurice Naggar, 06 September 2012 - 11:47 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#13
martinezgene
Posted 06 September 2012 - 04:44 PM

    New Member

  • Members
  • Pip
  • 14 posts
ComboFix 12-09-06.02 - GeneSr 09/06/2012 16:14:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2530 [GMT -5:00]
Running from: c:\users\GeneSr\Desktop\Combo-Fix.exe
Command switches used :: c:\users\GeneSr\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\GeneSr\AppData\Roaming\New folder\ufile.exe"
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GeneJr\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A50461EC-BEAC-44C3-B4DD-061044DD1C81}.xps
c:\users\GeneJr\AppData\Roaming\.#
c:\users\GeneSr\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 21:23 . 2012-09-06 21:23 -------- d-----w- c:\users\Mcx1-GENESR-PC\AppData\Local\temp
2012-09-06 21:23 . 2012-09-06 21:23 -------- d-----w- c:\users\GeneJr\AppData\Local\temp
2012-09-06 21:23 . 2012-09-06 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 15:51 . 2012-09-06 15:51 -------- d-----w- c:\program files\trend micro
2012-09-06 15:51 . 2012-09-06 15:51 -------- d-----w- C:\rsit
2012-09-06 01:52 . 2012-09-06 05:15 -------- d-----w- c:\users\GeneSr\DoctorWeb
2012-09-06 01:32 . 2012-09-06 01:38 16200 ----a-w- c:\windows\stinger.sys
2012-09-06 01:30 . 2012-09-06 01:43 -------- d-----w- c:\program files (x86)\stinger
2012-09-04 20:50 . 2012-09-04 20:50 -------- d-----w- c:\program files (x86)\ESET
2012-09-04 15:44 . 2012-09-04 15:45 -------- d-----w- c:\program files (x86)\ERUNT
2012-09-02 15:54 . 2012-09-02 15:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-02 15:17 . 2012-09-02 15:17 -------- d-----w- c:\programdata\IObit
2012-08-29 15:10 . 2012-08-29 15:10 -------- d-----w- c:\users\GeneSr\AppData\Roaming\Malwarebytes
2012-08-29 15:10 . 2012-08-29 15:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-29 15:10 . 2012-08-29 15:10 -------- d-----w- c:\programdata\Malwarebytes
2012-08-29 15:10 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 06:29 . 2012-08-29 06:29 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-20 08:09 . 2012-08-20 08:09 -------- d-----w- c:\users\GeneSr\AppData\Local\ESET
2012-08-14 23:07 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 23:07 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 23:07 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 23:07 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 19:49 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 19:49 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 19:49 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 19:49 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 19:49 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 19:49 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 19:49 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 19:49 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 01:04 . 2012-08-12 01:04 -------- d-----w- c:\users\GeneSr\AppData\Roaming\Leadertech
2012-08-12 00:29 . 2012-08-12 00:36 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Professional Edition 7.5
2012-08-11 12:50 . 2012-08-11 12:50 -------- d--h--w- c:\programdata\k2logs
2012-08-11 05:38 . 2012-08-28 01:26 -------- d-----w- C:\ModMii
2012-08-08 00:21 . 2012-08-08 00:21 -------- d-----w- c:\users\GeneJr\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 01:24 . 2012-05-11 04:27 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2010-06-16 23:25 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-25 17:13 . 2012-04-05 15:43 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 17:13 . 2011-05-19 20:52 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 01:01 . 2010-06-17 16:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-08-07 14:17 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{414CDAF6-A0D7-49DE-99AD-71BC67041F60}\mpengine.dll
2012-06-18 18:34 . 2010-06-17 16:36 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 18:34 . 2010-06-17 16:36 12384 ------w- c:\windows\system32\pwdspio.sys
2012-06-18 18:34 . 2010-06-17 16:36 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-06-09 05:43 . 2012-07-11 18:03 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 153064 ----a-w- c:\windows\SysWOW64\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-12 232480]
R3 SKLService64;Run software as Windows service;c:\program files (x86)\KAward64\aklservice64.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-16 528256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-12-09 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-12-09 141920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-26 271424]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-09-27 21624]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [2010-07-07 249704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 124760]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-07 1926448]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 151040]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-24 82816]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2009-11-12 200736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 15:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\HPCeeScheduleForGeneSr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 173544 ----a-w- c:\windows\System32\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2903688]
"combofix"="c:\combo-fix\CF11400.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F4DDF5C4AAEC7723D2A57A4FE444835C&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\StkASv2K.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Completion time: 2012-09-06 16:38:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 21:38
.
Pre-Run: 67,530,715,136 bytes free
Post-Run: 67,748,995,072 bytes free
.
- - End Of File - - 0C48D82BD4F657D447B97C85B1B68F1C


I hope it is clean,

Thanks again

#14
Maurice Naggar
Posted 06 September 2012 - 06:11 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for martinezgene only. If you are a casual viewer, do NOT try this on your system!
If you are not martinezgene and have a similar problem, do NOT post here; start your own topic


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for offline reference!

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


2. Open notepad and copy/paste the text in the quotebox below into it:

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:
Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message

Quote

Illegal operation attempted on registry key that has been marked for deletion
....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & Paste the contents of the MBAM scan log.

Make sure your antivirus program is back ON.

Edited by Maurice Naggar, 06 September 2012 - 06:12 PM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#15
martinezgene
Posted 06 September 2012 - 06:27 PM

    New Member

  • Members
  • Pip
  • 14 posts
sorry I am a little confused do I run combofix before step 2 then again after it create the CFScript.txt which is step 4. I don't want mess this up.

#16
Maurice Naggar
Posted 07 September 2012 - 05:38 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
You run it only 1 time after first creating CFScript.txt (which when you save, you need to allow to over-write the old CFScript).

~Maurice Naggar

I close my threads if there is 5 days without a response.

#17
martinezgene
Posted 07 September 2012 - 10:55 AM

    New Member

  • Members
  • Pip
  • 14 posts
Here is the first log of combofix. I am restarting my system then I will run malwarebytes

ComboFix 12-09-07.03 - GeneSr 09/07/2012 10:29:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2435 [GMT -5:00]
Running from: c:\users\GeneSr\Desktop\ComboFix.exe
Command switches used :: c:\users\GeneSr\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 15:37 . 2012-09-07 15:37 -------- d-----w- c:\users\Mcx1-GENESR-PC\AppData\Local\temp
2012-09-07 15:37 . 2012-09-07 15:37 -------- d-----w- c:\users\GeneJr\AppData\Local\temp
2012-09-07 15:37 . 2012-09-07 15:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 21:11 . 2012-09-06 21:39 -------- d-----w- C:\Combo-Fix
2012-09-06 15:51 . 2012-09-06 15:51 -------- d-----w- c:\program files\trend micro
2012-09-06 15:51 . 2012-09-06 15:51 -------- d-----w- C:\rsit
2012-09-06 01:52 . 2012-09-06 05:15 -------- d-----w- c:\users\GeneSr\DoctorWeb
2012-09-06 01:32 . 2012-09-06 01:38 16200 ----a-w- c:\windows\stinger.sys
2012-09-06 01:30 . 2012-09-06 01:43 -------- d-----w- c:\program files (x86)\stinger
2012-09-04 20:50 . 2012-09-04 20:50 -------- d-----w- c:\program files (x86)\ESET
2012-09-04 15:44 . 2012-09-04 15:45 -------- d-----w- c:\program files (x86)\ERUNT
2012-09-02 15:54 . 2012-09-02 15:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-02 15:17 . 2012-09-02 15:17 -------- d-----w- c:\programdata\IObit
2012-08-29 15:10 . 2012-08-29 15:10 -------- d-----w- c:\users\GeneSr\AppData\Roaming\Malwarebytes
2012-08-29 15:10 . 2012-08-29 15:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-29 15:10 . 2012-08-29 15:10 -------- d-----w- c:\programdata\Malwarebytes
2012-08-29 15:10 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 06:29 . 2012-08-29 06:29 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-20 08:09 . 2012-08-20 08:09 -------- d-----w- c:\users\GeneSr\AppData\Local\ESET
2012-08-14 23:07 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 23:07 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 23:07 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 23:07 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 19:49 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 19:49 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 19:49 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 19:49 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 19:49 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 19:49 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 19:49 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 19:49 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 01:04 . 2012-08-12 01:04 -------- d-----w- c:\users\GeneSr\AppData\Roaming\Leadertech
2012-08-12 00:29 . 2012-08-12 00:36 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Professional Edition 7.5
2012-08-11 12:50 . 2012-08-11 12:50 -------- d--h--w- c:\programdata\k2logs
2012-08-11 05:38 . 2012-08-28 01:26 -------- d-----w- C:\ModMii
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 01:24 . 2012-05-11 04:27 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2010-06-16 23:25 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-25 17:13 . 2012-04-05 15:43 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-25 17:13 . 2011-05-19 20:52 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 01:01 . 2010-06-17 16:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-08-07 14:17 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{414CDAF6-A0D7-49DE-99AD-71BC67041F60}\mpengine.dll
2012-06-18 18:34 . 2010-06-17 16:36 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 18:34 . 2010-06-17 16:36 12384 ------w- c:\windows\system32\pwdspio.sys
2012-06-18 18:34 . 2010-06-17 16:36 2966720 ----a-w- c:\windows\system32\pwNative.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-06_21.34.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-09-06 21:24 . 2012-09-06 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-07 15:38 . 2012-09-07 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-06 21:24 . 2012-09-06 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-07 15:38 . 2012-09-07 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-09-07 15:43 660546 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-06 21:29 660546 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-07 15:43 121442 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-06 21:29 121442 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-06 21:23 412804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-07 15:37 412804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-16 20:26 . 2012-09-07 15:37 11188004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2012704306-2476911596-1284546715-1001-8192.dat
- 2010-06-16 20:26 . 2012-09-06 21:23 11188004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2012704306-2476911596-1284546715-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 153064 ----a-w- c:\windows\SysWOW64\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-09-15 1061888]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-12 232480]
R3 SKLService64;Run software as Windows service;c:\program files (x86)\KAward64\aklservice64.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-16 528256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-12-09 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-12-09 141920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-26 271424]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-09-27 21624]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 139704]
S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [2010-07-07 249704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 166984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 124760]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-07 1926448]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 151040]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-06-24 82816]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2009-11-12 200736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 15:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\HPCeeScheduleForGeneSr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 173544 ----a-w- c:\windows\System32\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2903688]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GeneSr\AppData\Roaming\Mozilla\Firefox\Profiles\638qymbk.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F4DDF5C4AAEC7723D2A57A4FE444835C&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\StkASv2K.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-07 10:50:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-07 15:50
ComboFix2.txt 2012-09-06 21:38
.
Pre-Run: 71,812,931,584 bytes free
Post-Run: 75,772,493,824 bytes free
.
- - End Of File - - 9B3BF8C09D11CCC767776B9E2E911BB7

#18
martinezgene
Posted 07 September 2012 - 11:54 AM

    New Member

  • Members
  • Pip
  • 14 posts
Here is the malware log. Please tell me it is good to go. I know I have said it before but thanks again for all your help and time

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GeneSr :: GENESR-PC [administrator]

Protection: Enabled

9/7/2012 11:01:01 AM
mbam-log-2012-09-07 (11-01-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244326
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#19
Maurice Naggar
Posted 07 September 2012 - 01:04 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,146 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Three utilities that you always need to monitor for updates are: Java runtime, Flash Player, & Adobe Reader.
The publishers release security updates regularly and if you do not have them, the bad guys always have their methods to infect you if you have to fall-into the wrong website or even view an infected document or view an infected video or even an infected ad.

Adobe Flash
To de-install Flash Player
Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,
Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<


Close all browsers and instant messenger (IM) programs.
Run the uninstaller.


To get latest Flash Player
Go to http://www.adobe.com/go/getflash
and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!


Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
http://support.microsoft.com/kb/827218

Adobe Reader
Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.
Get latest Adobe Reader version
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Java runtime
Posted Image Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    or >> from here <<
    and save it to your desktop.

  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.

  • Reboot your computer once all Java components are removed.

  • Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
    ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) Posted Image
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Cleanups
We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it Combo-Fix Posted Image),
put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\GeneSr\Desktop\Combo-Fix.exe /uninstall

  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:
SecurityCheck.exe
Stinger.exe
DrWeb Cure-It
CFscript.txt
RSITx64.exe

Use Control Panel's Program and Features, Un-install ESET Online scanner
Exit Control Panel

Safer practices & malware prevention
We are finished here. Best regards. Posted Image
~Maurice Naggar

I close my threads if there is 5 days without a response.

#20
martinezgene
Posted 07 September 2012 - 05:16 PM

    New Member

  • Members
  • Pip
  • 14 posts
I did everything that was listed. Should I install SpywareBlaster along with malewarebytes or should I uninstall maleware? Thanks again for all your help.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us