also @ TechSpot: Bitcoin's big mystery: who created the virtual currency system?

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

[A] Sirefef.fy has taken over

Discussion in 'Virus and Malware Removal' started by Viatos, Aug 10, 2012.

Page 2 of 3

Viatos Newcomer, in training Posts: 24

Extras.txt

OTL Extras logfile created on: 8/11/2012 9:47:24 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Viatos\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 70.85% Memory free
15.95 Gb Paging File | 13.36 Gb Available in Paging File | 83.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 245.84 Gb Total Space | 55.94 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
Drive D: | 194.91 Gb Total Space | 87.01 Gb Free Space | 44.64% Space Free | Partition Type: NTFS
Drive Z: | 465.75 Gb Total Space | 465.05 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: ALHAZRED | User Name: Viatos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2104077627-2372248632-2989925620-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50AD731E-8A5F-4383-868D-76AAC2F05A48}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F4E214-A611-4952-B48F-59208E55F104}" = protocol=58 | dir=in | app=system |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4A5AC986-912D-4B40-BF2C-7A159923632D}" = Fresco Logic USB3.0 Host Controller
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7095F86C-BB1A-4254-96A0-7C63A1F8D403}" = TortoiseSVN 1.7.3.22386 (64 bit)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.16
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"GameFast_is1" = GameFast.exe
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Rotation Desktop for G Series_is1" = Rotation Desktop for G Series.exe
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C4FF2FE-9E75-4DBF-B2DA-11CE1F10C4B5}" = Roxio AACS Certificate
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{2436A979-497D-47C4-B448-D0625035F77E}" = Nero Video 11
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3648886E-B7B7-49E2-8C7F-BB440F979DB5}_is1" = RifE 1.31
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{36E0CAAD-D410-4CA8-9AC0-BBE2691B4A19}" = calibre
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51485B01-005D-40DA-A416-097995B61268}" = Nero 11 Collection 1
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8096752A-E1BF-4D2E-999C-65D471E1F5F1}_is1" = RifE 1.31 Religious Soundtracks
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9907D913-3672-4C73-8B47-7D69FB4FE3B3}_is1" = RifE 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B11AB9C8-18A6-41DC-98B4-4988CC030136}" = THX TruStudio
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 15.0.900.2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C734578-A91A-4466-8D98-1CA9E286F48E}_is1" = FFH Wild Mana 8.34
"{CB5CB8BF-D93F-4CCD-9D87-29368010DB2A}_is1" = Master of Mana 1.3
"{CD7D9B17-B96B-44F9-AC78-233137325FED}_is1" = RifE 1.31.195
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{EFAE77E4-0AF7-4B6D-8140-538EE6481CA2}_is1" = RifE 1.30
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F6D8331A-FC4F-4EC6-834E-BAE578E5D93F}" = Roxio CinePlayer
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Anathema" = Anathema
"Asus Vibe2.0" = AsusVibe2.0
"AsusScr_G74 Series_ENG" = AsusScr_G74 Series_ENG
"BOSS" = BOSS
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"Google Chrome" = Google Chrome
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mass Effect 2_is1" = Mass Effect 2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PowerISO" = PowerISO
"Steam App 203850" = Microsoft Flight
"Steam App 440" = Team Fortress 2
"The Elder Scrolls V Skyrim Update 1.7.7.0.6 1.7.7.0.6" = The Elder Scrolls V Skyrim Update 1.7.7.0.6 1.7.7.0.6
"The Sith Lords Restored Content Mod_is1" = TSLRCM 1.6
"The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2104077627-2372248632-2989925620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2012 5:18:19 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0x54bc Faulting application start time: 0x01cd613cd3e5f933 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 4485c5e8-cd30-11e1-9273-14dae920e85b

Error - 7/13/2012 5:25:03 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0xcf0 Faulting application start time: 0x01cd613db9d9c809 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 354d7fa5-cd31-11e1-9273-14dae920e85b

Error - 7/13/2012 5:31:41 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0x35e8 Faulting application start time: 0x01cd613eaaa99835 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 228cefc4-cd32-11e1-9273-14dae920e85b

Error - 7/13/2012 5:38:17 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0x6e0c Faulting application start time: 0x01cd613f97f23037 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 0e920689-cd33-11e1-9273-14dae920e85b

Error - 7/13/2012 5:45:19 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000006b45ad7000 Faulting process id: 0x550c Faulting
application start time: 0x01cd6140873985e3 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 0a1e8fc4-cd34-11e1-9273-14dae920e85b

Error - 7/13/2012 5:52:02 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0xccc Faulting application start time: 0x01cd614181c58b4c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: f9c9d8d7-cd34-11e1-9273-14dae920e85b

Error - 7/13/2012 5:58:02 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0x2318 Faulting application start time: 0x01cd61426f45129c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: d0572b34-cd35-11e1-9273-14dae920e85b

Error - 7/13/2012 6:04:27 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000006b02d0 Faulting process id: 0x2a50 Faulting
application start time: 0x01cd614345b9374a Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: b65ea964-cd36-11e1-9273-14dae920e85b

Error - 7/13/2012 6:11:28 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00006b4779e00000 Faulting process id: 0x1ca0 Faulting
application start time: 0x01cd6144322eebd5 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: b0f891b1-cd37-11e1-9273-14dae920e85b

Error - 7/13/2012 6:18:14 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0x6144 Faulting application start time: 0x01cd614527f085f9 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: a2bf218a-cd38-11e1-9273-14dae920e85b

Error - 7/13/2012 6:24:47 PM | Computer Name = Alhazred | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c81a4 Exception code: 0xc0000005 Fault offset: 0x00000000002ecf42 Faulting
process id: 0x6de4 Faulting application start time: 0x01cd61461809ada8 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\mshtml.dll
Report
Id: 8d8d3a61-cd39-11e1-9273-14dae920e85b

[ System Events ]
Error - 7/30/2012 2:30:02 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/30/2012 2:30:02 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/30/2012 2:30:13 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/30/2012 2:30:13 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/30/2012 2:30:13 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/30/2012 2:30:13 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/30/2012 6:39:41 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/30/2012 6:39:41 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/30/2012 6:39:41 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/30/2012 6:39:41 PM | Computer Name = Alhazred | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

< End of report >

Viatos, Aug 11, 2012

#21
Broni Malware Annihilator Posts: 39,288 +175
All clean

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.
Broni, Aug 11, 2012

#22
Viatos Newcomer, in training Posts: 24

checkup.txt

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 31
Java(TM) 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

Viatos, Aug 12, 2012

#23
Viatos Newcomer, in training Posts: 24

FSS.txt

Farbar Service Scanner Version: 06-08-2012
Ran by Viatos (administrator) on 12-08-2012 at 00:49:54
Running from "C:\Users\Viatos\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Viatos, Aug 12, 2012

#24
Viatos Newcomer, in training Posts: 24

Temp File Cleaner ran for just under two hours (seemed to hit a brick wall after cleaning %systemroot%\...\Temporary Internet Files). I stopped and restarted it (I had to kill it from Task Manager as its Exit function and red clickable X both 'clicked' but to no effect) and it's still taking super long now that it's hit that point, but the green "doing stuff" bar varies speed occasionally so I am not sure if it is legitimately slogging through or if something is wrong. I'll leave it run for now; should I try a computer restart?

It did close my applications as advertised, but it has not made the desktop disappear.

Viatos, Aug 12, 2012

#25

Broni Malware Annihilator Posts: 39,288 +175

Re-run it from safe mode.

Broni, Aug 12, 2012

#26

Viatos Newcomer, in training Posts: 24

It just freezes - same point, immediately after cleaning %systemroot%'s Temporary Internet Files.

Also, Windows installed like 23 updates, for a total of 6732 update actions, many of which seemed to involve the registry, when I restarted.

Viatos, Aug 12, 2012

#27
Broni Malware Annihilator Posts: 39,288 +175

Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.

If you use Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Broni, Aug 12, 2012

#28
Viatos Newcomer, in training Posts: 24

ATFCleaner worked like a charm and cleaned 30.54 MB.

ESETscan.txt

C:\FRST\Quarantine\services.exe
Win64/Patched.B.Gen trojandeleted - quarantined
C:\FRST\Quarantine\{7b4daeba-da5c-0677-b4d7-3a253913c31d}\nWin64/Sirefef.W trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{7b4daeba-da5c-0677-b4d7-3a253913c31d}\U\80000000.@Win64/Sirefef.AL trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{7b4daeba-da5c-0677-b4d7-3a253913c31d}\{7b4daeba-da5c-0677-b4d7-3a253913c31d}\nWin64/Sirefef.W trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\adob\123.reg.virREG/RunKeys.NAI trojancleaned by deleting - quarantined
C:\Windows\System32\mprdin.dlla variant of Win32/Delf.OGP trojancleaned by deleting (after the next restart) - quarantined
D:\Torrents\RegGenie v2.0 By Harsh\RegGenie.v2.0. + Keygen.rara variant of Win32/Adware.RegGenie applicationdeleted - quarantined
D:\Torrents\SKYRIM_UPDATE_1.7.7\Setup.exeREG/RunKeys.NAI trojancleaned by deleting - quarantined

Viatos, Aug 12, 2012

#29
Broni Malware Annihilator Posts: 39,288 +175

Don't forget to re-enable MSE.

Uninstall Java(TM) 6 Update 31.

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

Broni, Aug 12, 2012

#30
Viatos Newcomer, in training Posts: 24

MSE cannot update definitions, citing Internet connectivity, except the Internet works fine.

Uninstalled Java 6-31. I still have Java 7-5.

Created recovery point.

Ran bits.reg.

FSS.txt

Farbar Service Scanner Version: 06-08-2012
Ran by Viatos (administrator) on 12-08-2012 at 17:14:01
Running from "C:\Users\Viatos\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Viatos, Aug 12, 2012

#31
Broni Malware Annihilator Posts: 39,288 +175

ZeroAccess rootkit is know for messing with MSE.

Did you try to update MSE AFTER running registry fix and restarting computer?

If so, reinstall MSE.

Broni, Aug 12, 2012

#32
Viatos Newcomer, in training Posts: 24

Ah! I tried it again now (I had tried it BEFORE running registry fix) and it updated successfuly.

Viatos, Aug 12, 2012

#33
Broni Malware Annihilator Posts: 39,288 +175
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [emptyjava] [CLEARALLRESTOREPOINTS] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
Broni, Aug 12, 2012

#34
Viatos Newcomer, in training Posts: 24

OTL hangs every time I get to the emptytemp stage - program stops responding.

Viatos, Aug 16, 2012

#35
Broni Malware Annihilator Posts: 39,288 +175

Run the fix from safe mode.

Broni, Aug 16, 2012

#36
Broni Malware Annihilator Posts: 39,288 +175

Still with me?

Broni, Aug 21, 2012

#37
Viatos Newcomer, in training Posts: 24

Yup, sorry! It's been a hectic week. I'll go down the list again tomorrow - on the offchance it doesn't run in safe mode (happened to something earlier, right?) what's plan B?

Viatos, Aug 22, 2012

#38
Broni Malware Annihilator Posts: 39,288 +175

It should run in safe mode no problem.

Broni, Aug 22, 2012

#39
Broni Malware Annihilator Posts: 39,288 +175

Still with me?

Broni, Aug 27, 2012

#40

Page 2 of 3

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.