Yockie Posted December 7, 2012

Hi guys,

I am not sure whether I should first do what Starbuck is asking (Before posting for malware removal help), because I have Microsoft Essentials, which didn't work very well the last few days. I uninstalled it, installed it again, and it started popping up every 5 min with some Trojan:JS/Medfos.B virus. Currently it's in quarantine, but I have to clean it often, and I don't think that's a proper permanent solution. Any ideas and help are very welcome.

"Lets see which one of you nuts has got any guts?"
------------------
"But I tried. God ******, I sure ashell did that much. Didn't I?"

etavares Posted December 8, 2012

Hi Yockie,

My name is etavares and I'll be helping you with this issue. The fact MSE is detecting this virus shows that MSE is properly working. The real question is why do you keep getting reinfected? Let's take a look.

Please follow the instructions in the following link and I'll help you remove it.

Before posting for Malware Removal help.

-etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators

Yockie (Author) Posted December 8, 2012

Hi etavares,

Thank you. I did what I had to do; it took a really long time, almost all day. Hope I can post all the results:

2012/12/08 12:35:15 GMT SMALLY Owner MESSAGE Executing scheduled update: Daily
2012/12/08 12:35:34 GMT SMALLY Owner MESSAGE Starting protection
2012/12/08 12:35:35 GMT SMALLY Owner MESSAGE Protection started successfully
2012/12/08 12:35:35 GMT SMALLY Owner MESSAGE Starting IP protection
2012/12/08 12:35:44 GMT SMALLY Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.09.29.05 to version v2012.12.08.04
2012/12/08 12:36:04 GMT SMALLY Owner MESSAGE IP Protection started successfully
2012/12/08 12:36:04 GMT SMALLY Owner MESSAGE Starting database refresh
2012/12/08 12:36:04 GMT SMALLY Owner MESSAGE Stopping IP protection
2012/12/08 12:36:04 GMT SMALLY Owner MESSAGE IP Protection stopped successfully
2012/12/08 12:36:23 GMT SMALLY Owner MESSAGE Database refreshed successfully
2012/12/08 12:36:23 GMT SMALLY Owner MESSAGE Starting IP protection
2012/12/08 12:36:57 GMT SMALLY Owner MESSAGE IP Protection started successfully
2012/12/08 17:59:19 GMT SMALLY Owner MESSAGE Starting protection
2012/12/08 17:59:19 GMT SMALLY Owner MESSAGE Protection started successfully
2012/12/08 17:59:19 GMT SMALLY Owner MESSAGE Starting IP protection
2012/12/08 17:59:50 GMT SMALLY Owner MESSAGE IP Protection started successfully

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SMALLY [administrator]

Protection: Enabled

08/12/2012 12:37:27
mbam-log-2012-12-08 (12-37-27).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328773
Time elapsed: 4 hour(s), 11 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7\4427ca07-12a15555 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP750\A0090473.sys (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Yockie (Author) Posted December 8, 2012

OTL Extras logfile created on: 08/12/2012 18:16:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 257.22 Mb Available Physical Memory | 25.34% Memory free
2.38 Gb Paging File | 1.26 Gb Available in Paging File | 52.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 86.91 Gb Free Space | 74.64% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.33 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: SMALLY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users\Application Data\Vivox\VVS\Current\VivoxVoiceService.exe" = C:\Documents and Settings\All Users\Application Data\Vivox\VVS\Current\VivoxVoiceService.exe:*:Disabled:VivoxVoiceService -- (Vivox Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 1.2.6
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Uninstall LG PC Suite III
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"AVIConverter" = AVIConverter 5.1.0
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Boots F2CD Picture Suite" = Boots F2CD Picture Suite
"Eee Docking_is1" = Eee Docking 1.3.6.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"ISSC WLAN" = ISSC WLAN
"Java Web Start" = Java Web Start
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OU SPSS data for DD202" = OU SPSS data for DD202
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/12/2012 14:44:31 | Computer Name = SMALLY | Source = Application Hang | ID = 1001
Description = Fault bucket 472072914.

Error - 06/12/2012 18:46:23 | Computer Name = SMALLY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/12/2012 18:46:29 | Computer Name = SMALLY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 07/12/2012 07:41:03 | Computer Name = SMALLY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 07/12/2012 07:41:14 | Computer Name = SMALLY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 07/12/2012 07:41:14 | Computer Name = SMALLY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 08/12/2012 11:32:38 | Computer Name = SMALLY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/12/2012 11:32:55 | Computer Name = SMALLY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 08/12/2012 14:13:16 | Computer Name = SMALLY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/12/2012 14:13:33 | Computer Name = SMALLY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ OSession Events ]
Error - 08/03/2011 10:34:49 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1346 seconds with 1020 seconds of active time. This session ended with a crash.

Error - 08/05/2011 06:54:40 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 910 seconds with 360 seconds of active time. This session ended with a crash.

Error - 16/05/2011 08:57:54 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6121 seconds with 660 seconds of active time. This session ended with a crash.

Error - 02/06/2011 08:25:32 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11673 seconds with 540 seconds of active time. This session ended with a crash.

Error - 30/06/2011 09:47:08 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10782 seconds with 7500 seconds of active time. This session ended with a crash.

Error - 05/07/2011 09:47:56 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12536 seconds with 6360 seconds of active time. This session ended with a crash.

Error - 06/07/2011 09:46:55 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3016 seconds with 1560 seconds of active time. This session ended with a crash.

Error - 17/07/2012 11:36:53 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 139 seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/08/2012 18:37:01 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7971 seconds with 5580 seconds of active time. This session ended with a crash.

Error - 23/11/2012 08:06:36 | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7437 seconds with 2940 seconds of active time. This session ended with a crash.

< End of report >

Yockie (Author) Posted December 8, 2012

OTL logfile created on: 08/12/2012 18:16:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 257.22 Mb Available Physical Memory | 25.34% Memory free
2.38 Gb Paging File | 1.26 Gb Available in Paging File | 52.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 86.91 Gb Free Space | 74.64% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.33 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: SMALLY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\Vivox\HDN\Current\Vivox.HDN.Up.exe (Vivox)
PRC - C:\Documents and Settings\All Users\Application Data\Vivox\VVS\Current\VivoxVoiceService.exe (Vivox Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\issc\IS89C35\wwu.exe (Integrated System Solution Corp.)
PRC - C:\WINDOWS\system32\wbsecsvc.exe (Integrated System Solution Corp.)
PRC - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\Vivox\VVS\Current\ortp.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
MOD - C:\Program Files\ASUS\LiveUpdate\Enumeration.dll ()
MOD - C:\Program Files\ASUS\LiveUpdate\Parser.dll ()
MOD - C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()

========== Services (SafeList) ==========

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Mobile Broadband HL Service) -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe ()
SRV - (GSService) -- C:\WINDOWS\system32\GSService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (wbsecsvc) -- C:\WINDOWS\System32\wbsecsvc.exe (Integrated System Solution Corp.)
========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (cmplpukl) -- C:\WINDOWS\system32\drivers\cmplpukl.sys File not found DRV - (Changer) -- File not found DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found DRV - (btaudio) -- system32\drivers\btaudio.sys File not found DRV - (AmUStor) -- system32\drivers\AmUStor.SYS File not found DRV - (adiusbaw) -- system32\DRIVERS\adiusbaw.sys File not found DRV - (ADILOADER) -- System32\Drivers\adildr.sys File not found DRV - (hitmanpro36) -- C:\WINDOWS\system32\drivers\hitmanpro36.sys () DRV - (A2DDA) -- C:\Documents and Settings\Administrator\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys (Emsi Software GmbH) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.) DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.) DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.) DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.) DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (FlashUSB) -- C:\WINDOWS\system32\drivers\FlashUSB.sys (Danish Wireless Design A/S) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.) 
DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.) DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.) DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (W35UND) -- C:\WINDOWS\system32\drivers\W35UND.SYS (Integrated System Solution Corp.) DRV - (wbsecdrv) -- C:\WINDOWS\system32\drivers\wbsecdrv.sys (Winbond) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {1DF5FAE3-974F-448E-BAD5-1E1FD6A2BF77} IE - HKCU\..\SearchScopes\{1DF5FAE3-974F-448E-BAD5-1E1FD6A2BF77}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) [2011/02/03 13:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2011/02/03 13:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/08/25 14:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=hp CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=hp CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application 
Data\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and 
Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Yammi Theme = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkbfhihfcaohpgcpoegjgipjkmofgcid\1.0_0\ CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [asidf] C:\Documents and Settings\Owner\Application Data\asidf.dll (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) 
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [VivoxHDN] C:\Documents and Settings\All Users\Application Data\Vivox\HDN\Current\Vivox.HDN.Up.exe (Vivox) O4 - HKLM..\Run: [wilas] C:\Documents and Settings\Owner\Application Data\wilas.dll (CodeGear) O4 - HKCU..\Run: [boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe () O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WWU.lnk = C:\Program Files\issc\IS89C35\wwu.exe (Integrated System Solution Corp.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} http://84.252.54.2/codebase/NetVideoOCX.cab (NetVideoOCX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg 
Error: Value error.) O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinstall-1_4_1_02-windows-i586.cab (Java Plug-in 1.4.1_02) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{527B02B3-3B95-47F7-B376-2808B87A959F}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/11 13:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{790dbd69-2961-11e0-a768-485b395d8009}\Shell - "" = AutoRun O33 - MountPoints2\{790dbd69-2961-11e0-a768-485b395d8009}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{790dbd69-2961-11e0-a768-485b395d8009}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O33 - MountPoints2\{bf8b0a70-054c-11e2-ab9c-001d2b383685}\Shell - "" = AutoRun O33 - MountPoints2\{bf8b0a70-054c-11e2-ab9c-001d2b383685}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bf8b0a70-054c-11e2-ab9c-001d2b383685}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 
- MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/12/08 18:14:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2012/12/08 18:12:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
Yockie Posted December 8, 2012 Author Posted December 8, 2012 THIS ONE FOLLOWS THE PREVIOUS, TO POST IT ALL WAS JUST TOO MUCH: [2012/12/08 12:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2012/12/08 12:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/08 12:33:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/12/08 12:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/12/08 12:32:13 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.65.1.1000.exe [2012/12/07 11:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/12/07 07:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2012/12/07 07:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2012/12/07 07:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Cleaners [2012/12/07 07:10:34 | 004,584,760 | ---- | C] (PC Cleaners) -- C:\WINDOWS\uninst.exe [2012/12/07 07:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCPro [2012/12/07 07:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data [2012/12/06 18:53:58 | 000,579,584 | ---- | C] (ELAN Microelectronics Corp.)
-- C:\Documents and Settings\Owner\Application Data\asidf.dll [2012/12/06 18:52:37 | 000,156,672 | ---- | C] (CodeGear) -- C:\Documents and Settings\Owner\Application Data\wilas.dll [2012/12/01 11:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/12/01 11:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/11/21 07:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012/11/20 23:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/11/20 23:48:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2012/11/20 22:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250 [2012/11/20 21:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla [2011/03/25 15:21:22 | 000,110,592 | ---- | C] (LG Electronics) -- C:\Documents and Settings\Owner\LGMobileDL.dll [2010/12/15 16:38:45 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Silverlight.exe [6 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] [2 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/08 18:43:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1467870581-1007085115-327826852-1003Core.job [2012/12/08 18:43:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1467870581-1007085115-327826852-1003UA.job [2012/12/08 18:16:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/08 18:14:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and 
Settings\Owner\Desktop\OTL.exe [2012/12/08 18:12:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr [2012/12/08 18:09:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/12/08 17:58:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/08 12:34:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/08 12:32:52 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.65.1.1000.exe [2012/12/07 11:41:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/12/07 11:38:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/07 07:29:13 | 004,584,760 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe [2012/12/06 18:54:00 | 000,579,584 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Documents and Settings\Owner\Application Data\asidf.dll [2012/12/06 18:52:38 | 000,156,672 | ---- | M] (CodeGear) -- C:\Documents and Settings\Owner\Application Data\wilas.dll [2012/12/01 11:48:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/11/30 11:50:43 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk [2012/11/30 11:50:43 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/11/21 20:59:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\lgfwup.ini [2012/11/21 07:25:34 | 000,027,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012/11/21 07:24:11 | 000,001,590 | ---- | M] () -- C:\WINDOWS\System32\.crusader [2012/11/21 07:23:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/11/15 07:47:19 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/11/15 03:29:52 | 000,503,710 | ---- | M] () -- 
C:\WINDOWS\System32\perfh009.dat [2012/11/15 03:29:52 | 000,089,084 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/11/15 03:05:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] [2 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/08 12:34:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/07 12:05:57 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/12/07 11:41:11 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/12/01 11:28:07 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/11/21 07:25:34 | 000,027,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012/11/21 07:24:11 | 000,001,590 | ---- | C] () -- C:\WINDOWS\System32\.crusader [2012/10/25 20:46:21 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2012/04/29 09:07:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2012/02/15 08:39:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/12/20 19:24:04 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat [2011/04/16 10:48:48 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\40437d14 [2011/04/16 10:48:48 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\3f124410 [2011/04/16 10:46:43 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a2a04f24 [2011/04/16 10:46:43 | 000,004,638 | ---- | C] () -- 
C:\Documents and Settings\Owner\Application Data\a195a714 [2011/04/16 10:46:43 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9f61eba8 [2011/04/16 10:46:43 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9e187b60 [2011/04/16 10:45:52 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\6791b200 [2011/04/16 10:45:52 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\66637458 [2011/04/16 10:45:49 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\69f4e4d8 [2011/04/16 10:45:49 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\669ffc4c [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\aaf4db90 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a94f5c8c [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a6fd8650 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a5d67cc4 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a4a7bc00 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a1397000 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9f457cf8 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9c8a5160 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\9aaa7e48 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\828274a4 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\7e64296c [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- 
C:\Documents and Settings\Owner\Application Data\7b6413d0 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\79bf3c0c [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\7663f344 [2011/04/16 10:45:44 | 000,004,638 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\74c605ec [2011/02/24 13:10:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll [2011/02/02 20:19:16 | 000,000,493 | ---- | C] () -- C:\WINDOWS\PrintDat.Ini [2011/02/02 17:20:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/02/02 10:28:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\GSService.exe [2011/01/29 21:05:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/01/15 21:29:47 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/27 16:58:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/12/27 16:58:02 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini [2010/12/15 17:08:54 | 001,606,064 | ---- | C] () -- C:\Documents and Settings\All Users\googletalk-setup.exe [2010/07/22 19:45:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat ========== ZeroAccess Check ========== [2012/12/06 18:53:11 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$91a753bc077104e66f6118b4e1fd4019\L [2012/12/07 12:12:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$91a753bc077104e66f6118b4e1fd4019\U [2009/08/11 19:24:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shdocvw.dll -- [2009/03/02 23:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/02/01 20:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com [2011/05/08 09:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2012/08/25 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2012/12/06 18:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250 [2012/11/21 07:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2011/01/26 17:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX [2011/01/16 11:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2011/05/08 09:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/09/23 07:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ [2012/12/07 07:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data [2009/08/20 12:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver [2011/02/02 20:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tipard Studio [2011/02/03 13:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom 
[2011/12/08 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivox [2011/08/23 18:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2011/04/16 10:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AimOne [2012/09/20 20:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity [2012/08/25 14:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon [2010/10/10 12:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2011/02/03 10:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Download Helper [2012/12/05 21:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics [2012/04/19 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gretl [2010/11/08 10:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express [2011/01/26 15:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics [2012/09/06 14:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3Rocket [2012/07/03 19:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle [2012/12/07 07:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Cleaners [2012/12/07 07:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCPro [2011/12/20 19:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\spiral [2010/07/27 14:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template [2011/02/06 09:18:37 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Owner\Application Data\Tific [2011/02/03 13:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom [2011/03/16 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Transcend [2011/04/16 10:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation [2011/02/03 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Youtube Downloader HD [2011/01/26 15:45:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6} ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: ST9250315AS Partitions: 3 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 116.00GB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 116.00GB Starting Offset: 125016030720 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 24.00MB Starting Offset: 250032061440 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2012/06/30 13:44:24 | 000,000,268 | ---- | M] () -- C:\ab_1.gif [2009/08/11 13:16:06 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/07/23 08:59:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2009/08/11 13:16:06 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/06/30 13:44:25 | 000,000,103 | ---- | M] () -- C:\del_1.gif [2012/06/30 13:44:24 | 000,000,304 | ---- | M] () -- C:\dir.bmp [2012/06/30 13:44:25 | 000,000,380 | ---- | M] () -- 
C:\edu.bmp [2012/06/30 13:44:25 | 000,000,138 | ---- | M] () -- C:\flk2.gif [2012/06/30 13:44:24 | 000,000,279 | ---- | M] () -- C:\hj_1.gif [2009/08/11 13:16:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/01/26 15:45:11 | 058,000,600 | ---- | M] (LG Electronics ) -- C:\LGPCSuiteIII_Setup.exe [2012/06/30 13:44:26 | 000,000,277 | ---- | M] () -- C:\mov_1.gif [2009/08/11 13:16:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/12/08 17:58:51 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2012/04/27 18:59:28 | 000,000,000 | ---- | M] () -- C:\playm4.log [2010/12/26 21:00:05 | 000,000,184 | ---- | M] () -- C:\setuplog.exe [2012/06/30 13:44:24 | 000,000,235 | ---- | M] () -- C:\srch_1.gif [2012/06/30 13:44:24 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif [2012/06/30 13:44:24 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif [2012/06/30 13:44:24 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif [2012/06/30 13:44:24 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif [2012/06/30 13:44:25 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif [2012/06/30 13:44:24 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif [2012/06/30 13:44:24 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif [2012/06/30 13:44:27 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif [2012/06/30 13:44:26 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif [2012/06/30 13:44:24 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif [2012/06/30 13:44:27 | 000,000,274 | ---- | M] () -- C:\trav_1.gif [2012/08/25 14:45:45 | 000,000,304 | ---- | M] () -- C:\user.js < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- 
C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp054.dll [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2009/08/11 06:09:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/08/11 06:09:15 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/08/11 06:09:15 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 21:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 21:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 03:43:18 | 001,242,728 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 12:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 21:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 21:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2012/12/04 19:22:42 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\????????? ????? ???....doc) -- C:\Documents and Settings\Owner\My Documents\Разликата между поч....doc [2012/10/28 10:57:47 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\????????? ????? ???....doc) -- C:\Documents and Settings\Owner\My Documents\Разликата между поч....doc [2012/10/28 10:57:47 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Owner\My Documents\~$??????? ????? ???....doc) -- C:\Documents and Settings\Owner\My Documents\~$зликата между поч....doc [2012/10/28 10:57:47 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Owner\My Documents\~$??????? ????? 
???....doc) -- C:\Documents and Settings\Owner\My Documents\~$зликата между поч....doc [2011/11/06 12:32:57 | 000,543,954 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\???????? ??? ???? ?????????? ??????? ? ??????? ????????.docx) -- C:\Documents and Settings\Owner\My Documents\Пчелният мед като хранителен продукт е идеално средство.docx [2011/11/06 12:32:55 | 000,543,954 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\???????? ??? ???? ?????????? ??????? ? ??????? ????????.docx) -- C:\Documents and Settings\Owner\My Documents\Пчелният мед като хранителен продукт е идеално средство.docx ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB61530$] -> Error: Cannot create file handle -> Unknown point type < End of report > Quote "Lets see which one of you nuts has got any guts?"------------------"But I tried. God ******, I sure ashell did that much. Didn't I?"
etavares Posted December 9, 2012

Hello, Yockie.

OK, bad news. The virus you had is quite nasty...the Medfos.B virus isn't a big deal, but there are signs of 0Access in your log. It doesn't appear to be active right now, but I do need to warn you about this:

Backdoor Warning

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

Next, please download ComboFix from one of these locations:

Bleepingcomputer
InfoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on etavaresCF.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
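The reply above reads the "ZeroAccess Check" and junction-point sections of the OTL log posted earlier in the thread. The following is an added example, not part of the thread and not the helper's own method: a Python triage pass over entries of that form that separates on-disk remnants from a populated per-user COM override. The rule names, the remnant/active split and the placeholder DLL path are assumptions made for this example.

```python
import re
from collections import namedtuple

# Constructed sample: entries copied from the OTL log on this page, one per line.
SAMPLE_LOG = r'''
========== ZeroAccess Check ==========
[2012/12/06 18:53:11 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$91a753bc077104e66f6118b4e1fd4019\L
[2012/12/07 12:12:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$91a753bc077104e66f6118b4e1fd4019\U
[2009/08/11 19:24:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 23:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
========== LOP Check ==========
[2011/02/01 20:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB61530$] -> Error: Cannot create file handle -> Unknown point type
'''

# Constructed, NOT from the page: what a populated HKCU default value would look
# like. The DLL path is a placeholder.
ACTIVE_SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\EXAMPLE\placeholder.dll
"ThreadingModel" = Both
'''

Finding = namedtuple("Finding", "state rule evidence")

# OTL file entry: [date time | size | attrs | M/C] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} [\d:]{8} \| [\d,]+ \| (?P<attrs>[RHSD-]{4}) \| [MC]\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)" = (?P<data>.+?)(?: -- \[.*)?$')
JUNCTION = re.compile(r"^\[(?P<path>[A-Za-z]:\\[^\]]+)\] -> (?P<detail>.+)$")

# Hidden+system directory pair under the SYSTEM account's recycle folder.
RECYCLER_STORE = re.compile(
    r"^[a-z]:\\RECYCLER\\S-1-5-18\\\$[0-9a-f]{32}\\[LU]$", re.I)
# Hotfix-uninstall look-alike; only flagged when it is an unreadable reparse point,
# because ordinary $NtUninstallKB...$ directories are normal on Windows XP.
FAKE_UNINSTALL = re.compile(r"^[a-z]:\\WINDOWS\\\$NtUninstallKB\d+\$$", re.I)
# The two CLSIDs that the log's ZeroAccess Check section queries.
WATCHED_CLSIDS = {"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
                  "{fbeb8a05-beee-4442-804e-409d6c4515e9}"}
CLSID_IN_KEY = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32$", re.I)


def scan(log_text):
    """Return a list of Finding tuples for a log with one entry per line."""
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_ENTRY.match(line)
        if m:
            current_key = None
            if RECYCLER_STORE.match(m["path"]) and {"H", "S", "D"} <= set(m["attrs"]):
                findings.append(Finding("remnant", "recycler_store", m["path"]))
            continue
        m = JUNCTION.match(line)
        if m:
            current_key = None
            if FAKE_UNINSTALL.match(m["path"]) and "Unknown point type" in m["detail"]:
                findings.append(Finding("remnant", "fake_uninstall_junction", m["path"]))
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m["key"]  # values on following lines belong to this key
            continue
        m = REG_VALUE.match(line)
        if m and current_key and m["name"] == "":
            clsid = CLSID_IN_KEY.search(current_key)
            # A default value under HKCU takes precedence over the HKLM
            # registration for that user, so a populated one is a live override.
            if (clsid and clsid.group(1).lower() in WATCHED_CLSIDS
                    and current_key.upper().startswith("HKEY_CURRENT_USER\\")):
                findings.append(Finding("active", "hkcu_com_override", m["data"]))
    return findings


def verdict(findings):
    """Collapse findings to 'active', 'remnant' or 'clean' (worst state wins)."""
    states = {f.state for f in findings}
    return "active" if "active" in states else "remnant" if states else "clean"


if __name__ == "__main__":
    for name, text in (("page log", SAMPLE_LOG), ("constructed", ACTIVE_SAMPLE)):
        found = scan(text)
        print(name, "->", verdict(found))
        for f in found:
            print("  ", f.state, f.rule, f.evidence)
```

The log must be split to one entry per line first; the copy in this thread has its entries run together.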
Yockie Posted December 9, 2012 Author Posted December 9, 2012 ComboFix 12-12-07.01 - Owner 09/12/2012 15:07:32.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.655 [GMT 0:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data c:\data\default\uk_sres.data c:\documents and settings\All Users\googletalk-setup.exe c:\documents and settings\Owner\Application Data\3f124410 c:\documents and settings\Owner\Application Data\40437d14 c:\documents and settings\Owner\Application Data\66637458 c:\documents and settings\Owner\Application Data\669ffc4c c:\documents and settings\Owner\Application Data\6791b200 c:\documents and settings\Owner\Application Data\69f4e4d8 c:\documents and settings\Owner\Application Data\74c605ec c:\documents and settings\Owner\Application Data\7663f344 c:\documents and settings\Owner\Application Data\79bf3c0c c:\documents and settings\Owner\Application Data\7b6413d0 c:\documents and settings\Owner\Application Data\7e64296c c:\documents and settings\Owner\Application Data\828274a4 c:\documents and settings\Owner\Application Data\9aaa7e48 c:\documents and settings\Owner\Application Data\9c8a5160 c:\documents and settings\Owner\Application Data\9e187b60 c:\documents and settings\Owner\Application Data\9f457cf8 c:\documents and settings\Owner\Application Data\9f61eba8 c:\documents and settings\Owner\Application Data\a1397000 c:\documents and settings\Owner\Application Data\a195a714 c:\documents and settings\Owner\Application Data\a2a04f24 c:\documents and settings\Owner\Application Data\a4a7bc00 c:\documents and settings\Owner\Application Data\a5d67cc4 c:\documents and settings\Owner\Application Data\a6fd8650 c:\documents and settings\Owner\Application Data\a94f5c8c c:\documents and 
settings\Owner\Application Data\aaf4db90 c:\documents and settings\Owner\Application Data\asidf.dll c:\documents and settings\Owner\Application Data\wilas.dll c:\documents and settings\Owner\My Documents\~WRL0001.tmp c:\documents and settings\Owner\My Documents\~WRL0002.tmp c:\documents and settings\Owner\My Documents\~WRL0003.tmp c:\documents and settings\Owner\My Documents\~WRL0004.tmp c:\documents and settings\Owner\My Documents\~WRL1892.tmp c:\documents and settings\Owner\My Documents\~WRL2256.tmp c:\windows\$NtUninstallKB61530$ c:\windows\$NtUninstallKB61530$\1786143696 c:\windows\$NtUninstallKB61530$\941213763\@ c:\windows\$NtUninstallKB61530$\941213763\Desktop.ini c:\windows\$NtUninstallKB61530$\941213763\L\00000004.@ c:\windows\$NtUninstallKB61530$\941213763\L\201d3dde c:\windows\$NtUninstallKB61530$\941213763\L\vwsernay c:\windows\$NtUninstallKB61530$\941213763\U\00000004.@ c:\windows\$NtUninstallKB61530$\941213763\U\00000008.@ c:\windows\$NtUninstallKB61530$\941213763\U\000000cb.@ c:\windows\$NtUninstallKB61530$\941213763\U\80000000.@ c:\windows\$NtUninstallKB61530$\941213763\U\80000032.@ c:\windows\EventSystem.log c:\windows\system32\avgfwdx.dll c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\Thumbs.db c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 ))))))))))))))))))))))))))))))) . . 2012-12-08 18:15 . 2012-11-08 10:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7557553-2DB2-47AF-8B46-B65A2158DED3}\mpengine.dll 2012-12-08 12:34 . 
2012-12-08 12:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2012-12-08 12:33 . 2012-12-08 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-08 12:33 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 11:44 . 2012-11-08 10:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-07 11:40 . 2012-12-07 11:41 -------- d-----w- c:\program files\Microsoft Security Client 2012-12-07 07:10 . 2012-12-07 07:10 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Cleaners 2012-12-07 07:10 . 2012-12-07 07:29 4584760 ----a-w- c:\windows\uninst.exe 2012-12-07 07:10 . 2012-12-07 07:29 -------- d-----w- c:\documents and settings\Owner\Application Data\PCPro 2012-12-07 07:10 . 2012-12-07 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data 2012-12-01 11:28 . 2012-12-01 11:28 -------- d-----w- c:\program files\Common Files\Skype 2012-11-21 07:25 . 2012-11-21 07:25 27976 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-11-21 07:14 . 2012-11-21 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2012-11-20 23:50 . 2012-11-20 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-11-20 23:48 . 2012-11-20 23:48 -------- d--h--w- c:\windows\PIF 2012-11-20 23:41 . 2012-11-20 23:43 -------- d-----w- c:\documents and settings\Administrator 2012-11-20 22:44 . 2012-12-06 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250 2012-11-20 21:40 . 2012-11-20 21:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-07 17:47 . 
2012-04-03 06:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-07 17:47 . 2011-05-19 15:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-25 20:33 . 2012-10-25 20:37 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2012-10-22 08:37 . 2009-08-11 13:03 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04 . 2009-08-11 13:03 58368 ----a-w- c:\windows\system32\synceng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072] "Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744] "LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "VivoxHDN"="c:\documents and settings\All Users\Application Data\Vivox\HDN\Current\Vivox.HDN.Up.exe" [2012-02-22 8507752] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ WWU.lnk - c:\program files\issc\IS89C35\wwu.exe [2011-4-3 955392] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Documents and Settings\\All Users\\Application Data\\Vivox\\VVS\\Current\\VivoxVoiceService.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Administrator\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [21/11/2012 07:36 17904] R1 wbsecdrv;wbsecdrv Protocol Driver;c:\windows\system32\drivers\wbsecdrv.sys [03/04/2011 08:57 17952] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/12/2012 12:33 399432] R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\documents and settings\All Users\Application Data\MobileBrServ\mbbService.exe [23/09/2012 07:04 232288] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/07/2010 00:45 35088] R2 wbsecsvc;wbsecsvc;c:\windows\system32\wbsecsvc.exe [03/04/2011 08:57 274432] R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 08:11 12160] R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 08:11 10496] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 08:11 12928] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/12/2012 12:33 22856] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/08/2009 12:24 1015424] S1 cmplpukl;cmplpukl;\??\c:\windows\system32\drivers\cmplpukl.sys --> c:\windows\system32\drivers\cmplpukl.sys [?] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2012 12:33 676936] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 160944] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/08/2009 19:00 1684736] S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?] 
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [07/12/2010 13:12 14336] S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [07/12/2010 13:12 20736] S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [07/12/2010 13:12 20096] S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [07/12/2010 13:12 25088] S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [26/01/2011 15:35 16896] S3 GSService;GSService;c:\windows\system32\GSService.exe [02/02/2011 10:28 122880] S3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [21/11/2012 07:25 27976] S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 01:59 38912] S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 05:47 39040] S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [03/04/2011 08:57 117632] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-12-05 12:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:47] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467870581-1007085115-327826852-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 18:03] . 2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467870581-1007085115-327826852-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 18:03] . 
2012-12-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 17:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms} IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://84.252.54.2/codebase/NetVideoOCX.cab . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe HKLM-Run-wilas - c:\documents and settings\Owner\Application Data\wilas.dll HKLM-Run-asidf - c:\documents and settings\Owner\Application Data\asidf.dll HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe SafeBoot-mbamchameleon MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe AddRemove-MP3 Rocket - c:\program files\MP3 Rocket\Uninstall.exe AddRemove-OU SPSS data for DD202 - c:\dd202\UNINST~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-09 15:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2688) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxext.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\documents and settings\All Users\Application Data\Vivox\VVS\Current\VivoxVoiceService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Completion time: 2012-12-09 15:33:32 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-09 15:33 . Pre-Run: 93,117,255,680 bytes free Post-Run: 94,251,360,256 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 7D927250E3FFC3631081198781CCD79D
Yockie Posted December 9, 2012 Author Posted December 9, 2012

Hi etavares,

Thank you for the elegant way you served me with the good news. I did what you asked me to do, I didn’t know that it’s that bad. I always thought that the computer is just a bit slow lately. Ignorance is bliss, I suppose.

This is a small notepad that I am using, it’s insured fully until August 2013. However, I had to return it once at the start when I bought it 2 years ago, and I was not impressed by the service I received. In addition, I know that if I send it now they will install Windows 7, and I don’t like it. I have Windows XP which I can run over the existing one, but I suppose this will invalidate my insurance + the disc is a week away from me (means I have to wait 1 week in order to go back home and use it). I don’t want to spend at least an hour of my life waiting on the phone to ask them (the pre-paid insurance help) is this the case.

The computer was working a bit funny lately, but not as funny for me to suspect something. Had to reinstall Microsoft Essentials a few days ago, as it was stuck and didn’t want to function. After the reinstall it got into quarantine the virus I came originally here for and the rest you know from this thread.

There was a small note during the function of Combofix, which said:

You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes the problem.
etavares Posted December 10, 2012 Posted December 10, 2012

Hello, Yockie.

Thanks for the information. That warning confirmed what MBAM showed, but it looks like we got it based on the log. We still have more work to do.

Step 1

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
C:\WINDOWS\assembly\Desktop.ini

Folder::
c:\documents and settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250
C:\RECYCLER\S-1-5-18\$91a753bc077104e66f6118b4e1fd4019\L
C:\RECYCLER\S-1-5-18\$91a753bc077104e66f6118b4e1fd4019\U

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares
Yockie Posted December 10, 2012 Author Posted December 10, 2012

Hello etavares,

I did what you told me to do and I have the log and everything, however I have restarted it as it would not connect to the internet and now it's going only up to the point where it cannot load up Windows. I do have the black screen with the three blue squares running at the bottom of the screen and then I get to the sky blue windows logo with two dark blue lines at the top and the bottom and that is it. It does not want to let me go further.

I have pressed F8 several times, whilst trying to switch the PC on again, and I have pressed “Windows with Safemode”, “Safemode with Network”, “Reboot”, “Last Known Good Configuration” but it just goes again on the black screen with the Windows logo and the three moving blue squares at the bottom and then on the blue screen with the Windows logo and that is it.

I am writing from my daughter’s PC. I don’t have my Windows disk to reload and I don’t have the numbers and details of my insurance and I don’t know what to actually do now.

I have made my daughter do the StarBuck tests with MalwareBytes and OTL and it seems she has more bugs than I did. However, I will put her reports in a different thread, not to confuse the situation with my PC here.
etavares Posted December 11, 2012 Posted December 11, 2012

Hi Yockie,

We'll roll back our fix.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:
   cd erdnt\hiv-backup
6. At the next prompt, type the following bolded text, and press Enter:
   batch erdnt.con
7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:
   exit

Reboot your computer and let me know if it starts.
Yockie Posted December 11, 2012 Author Posted December 11, 2012

Hi etavares,

Yes, it starts now, thank you. I rebooted as well, seems to work normally now.

Here is the last log you asked me for:

ComboFix 12-12-07.01 - Owner 10/12/2012 22:00:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.510 [GMT 0:00]
Runninag from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\assembly\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250
c:\documents and settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250\E0ADE867C10EEE170000E0AD07BEF250
c:\documents and settings\All Users\Application Data\E0ADE867C10EEE170000E0AD07BEF250\E0ADE867C10EEE170000E0AD07BEF250.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))
.
.
2012-12-10 21:19 . 2012-12-10 21:19 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{553C0FE8-EAB2-4CAC-9F1B-917F75C1B7E5}\MpKsl31e1e677.sys
2012-12-10 08:37 . 2012-11-08 10:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{553C0FE8-EAB2-4CAC-9F1B-917F75C1B7E5}\mpengine.dll
2012-12-10 08:34 . 2012-11-08 10:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-08 12:34 . 2012-12-08 12:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-12-08 12:33 . 2012-12-08 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-08 12:33 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 11:40 . 2012-12-07 11:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-07 07:10 . 2012-12-07 07:10 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Cleaners
2012-12-07 07:10 . 2012-12-07 07:29 4584760 ----a-w- c:\windows\uninst.exe
2012-12-07 07:10 . 2012-12-07 07:29 -------- d-----w- c:\documents and settings\Owner\Application Data\PCPro
2012-12-07 07:10 . 2012-12-07 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-12-01 11:28 . 2012-12-01 11:28 -------- d-----w- c:\program files\Common Files\Skype
2012-11-21 07:25 . 2012-11-21 07:25 27976 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-11-21 07:14 . 2012-11-21 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-11-20 23:50 . 2012-11-20 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-20 23:48 . 2012-11-20 23:48 -------- d--h--w- c:\windows\PIF
2012-11-20 23:41 . 2012-11-20 23:43 -------- d-----w- c:\documents and settings\Administrator
2012-11-20 21:40 . 2012-11-20 21:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 17:47 . 2012-04-03 06:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 17:47 . 2011-05-19 15:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 20:33 . 2012-10-25 20:37 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-10-22 08:37 . 2009-08-11 13:03 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2009-08-11 13:03 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"Boots Insert Detect"="c:\program files\Boots F2CD\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"VivoxHDN"="c:\documents and settings\All Users\Application Data\Vivox\HDN\Current\Vivox.HDN.Up.exe" [2012-02-22 8507752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
WWU.lnk - c:\program files\issc\IS89C35\wwu.exe [2011-4-3 955392]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\All Users\\Application Data\\Vivox\\VVS\\Current\\VivoxVoiceService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 cmplpukl;cmplpukl;c:\windows\system32\drivers\cmplpukl.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\documents and settings\All Users\Application Data\MobileBrServ\mbbservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [x]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys [x]
R3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys [x]
R3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\DRIVERS\W35UND.SYS [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Administrator\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]
S1 MpKsl31e1e677;MpKsl31e1e677;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{553C0FE8-EAB2-4CAC-9F1B-917F75C1B7E5}\MpKsl31e1e677.sys [x]
S1 wbsecdrv;wbsecdrv Protocol Driver;c:\windows\system32\DRIVERS\wbsecdrv.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 wbsecsvc;wbsecsvc;c:\windows\system32\wbsecsvc.exe [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL31E1E677
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 12:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:47]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467870581-1007085115-327826852-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 18:03]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1467870581-1007085115-327826852-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-23 18:03]
.
2012-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 17:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=1eba8fe6-61e6-4164-b5e0-b463e81bb4e3&searchtype=ds&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://84.252.54.2/codebase/NetVideoOCX.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-10 22:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{2DA206A0-997A-4FD0-9D0B-E44D7B62B79A}\UDN Mappings]
@DACL=(02
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{2DC54213-9811-417A-8C06-BBD600F66E8A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{2F2B032E-18C1-4BB9-8F42-48AB9F4D9E83}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{2F69F6F3-0456-47B4-970D-11E49E110E25}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{30633D4D-8FDD-4841-BBFA-47873848353E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{30AE6436-00FC-4201-BD7B-B6FEFA8A8013}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3446DD7C-9CB8-49F6-82EF-FDDE0A45C2B7}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{357A9ABF-48A2-48C5-8DB4-0D91367DD32A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{361570DA-9083-4E02-8C40-B569A87EEDFC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{367D5A75-BE4D-469D-82A1-03AFB9D8F8C1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{36900768-0FB5-4A29-8AF0-6E918D668C5C}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3694EB94-B344-4D93-996E-12D03442B5F3}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3A0EEC21-BD94-4C30-8BC4-5AF0361C0369}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3B8D5B3D-45BA-423E-A516-A0A2D9EAE308}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3C36994C-78F4-4D37-B5A9-B5D849BC22D4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Host\Description\{3C93F1A6-7C6F-4EC6-952B-A546F52FBC9B}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3F1EBB61-EF75-4805-99F5-5E5A5C03B53F}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3F9D6BF6-D403-41EA-AC5E-3E354D2AA2F3}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{3FAF786D-17BA-4AE0-A30A-5DE163BD2CE4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{407059D2-52C6-4409-AC58-2283840E8587}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{438227C2-0788-41B6-9EC4-086F45CFE653}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{46886E83-0C67-4C4F-9AE1-7B35994B7375}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{46C5D289-0683-4C97-B1F6-B2819C723765}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4789CFBA-B54E-42F0-A763-F35253F10896}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{483FB6CF-F967-4433-878D-EA5263942C89}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{489EB3BD-0AF1-4C75-8188-9596F98E91D0}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{49BE86ED-3C07-49CD-875C-113D7C1E493F}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4A7D2902-8238-496D-B050-96A1BE088DBE}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4B376DFA-5A37-42C0-951C-935847857270}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4B445BD7-83DA-4C6D-82A4-3E6638999982}\UDN Mappings]@DACL=(02 
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4BE5BD97-E13D-48D4-A970-CE3E96308BC4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4C7F35A3-86EF-4A22-B907-253ACE8AC8FF}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4C9905B7-F9CF-4CD0-B3FD-56FDECD18499}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4CD3E482-9903-4A2B-A94B-F8DE0474B767}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4D000210-F704-4C84-B593-1F3CFEA6286E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4EB2B75A-7B7C-4E2A-A9BD-4E67B083EAF7}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{4F43A22C-2629-4516-9F88-392FE886053C}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5137DCC1-ABCD-4894-BDDD-5AA37C362F30}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5145CADC-B1F2-4623-B7D7-681A861BBB16}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{516A0048-D488-4520-9730-DD591B6B6DA0}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5233C162-3A75-4EC1-B877-E343CAB6D090}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{52713725-EFBA-4F4D-AF32-FFEDF49CCD00}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{52C022EB-C8A4-49F7-A58B-BD444F5A56C0}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{537E95D8-8857-4348-8693-3DBBD0630DEC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Host\Description\{545123B5-A40F-484A-89BC-12B08E8DCBC9}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5594C8F0-8FEB-46AF-98BB-FA7723D09ADC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{55BF54C9-2A56-41DF-BB4E-6D1340296DD2}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{562B53D2-1FD1-4B54-872C-7B6EB8B1228B}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{56A601C5-7DE2-4988-B323-817667F2E7CF}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{56AE6F4D-36CD-484D-AC37-A488C5B83036}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{56D7FE31-7FF6-4905-903A-F289033FE853}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{57E1AC53-3333-4CBA-9852-E6ECA52E9889}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{58E4FDA6-3125-4434-A981-D6545F528341}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{59676FE5-E003-4196-ACBF-4BF6CFE65222}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5A6938F0-ADE8-4348-B54E-614459280D9B}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5AEFA5C0-2654-43EE-B0FC-CCF3E0F094D5}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5AF0D6C7-B9D5-4FE7-A7C5-59BDBEFC4B65}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5D2F81F2-3F14-4F6A-8AB9-247B0160AD08}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5DE5AE3B-4E08-4BBF-A2AD-45AE29EF1B9F}\UDN Mappings]@DACL=(02 
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5ED028E9-B2C3-47E1-9732-415990B225D2}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5F1D4037-DD52-4A61-8706-274995C6C3DD}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{5FCB911B-CB12-4C04-9B74-1E18E7D97448}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{6123025C-A582-4E07-A582-FE7BDF17801E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{62C32A1D-7629-4A7B-B389-8CB66661817D}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{630C2BD5-4B12-48A8-B4B6-5F7387B8259A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{635DB821-D5CD-4556-B6F5-6131A652643B}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{6365E541-D6CB-4C0A-B77F-DCFC4D514EFD}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{63FB36F7-2429-481C-9B12-4BD840F88C59}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{64F4BE80-3F83-428E-8DCA-C3DE54CDD7E1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{6612D8FB-79FD-4EED-878E-9EE4C6D7209E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{66B25009-46B7-42B7-9F76-5B5CBA514E32}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{66BA1945-3BB5-41DB-B0B3-C41533F14238}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{68C393B0-BCB9-4C84-9FEC-C2187FBD8B05}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Host\Description\{68E2D48F-F3EE-43F2-866B-257437ACDFE0}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{6C1D06F4-CB26-4C20-99E9-990862EDD0E3}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{71966CD1-09A0-4B72-BB10-89F4DFFE565A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{71AE647C-FB4C-400C-82FE-1AA7B93E8F82}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{71FB61BC-AC76-4735-954E-E1B4B72F48BA}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{72B30F8E-2BF1-4205-B1C3-098C077793A5}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{739BB196-278F-4F47-9471-939C607306D7}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{746B13D2-A7B9-4229-A161-3CA41CE29992}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{757A446D-262C-4232-BDBB-CB51E171B7D9}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{769992E8-415C-4819-93F3-80F5C034DBE3}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{77017185-13B2-4F4D-BB60-964F7B7F2BFE}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{77B866F5-3BF5-4955-8E04-EF9370BD044E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{78AAB45C-4DCF-4760-9995-CEAAAFA62995}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7917CA48-A6CC-4623-867A-4912AD2FC061}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{791F831B-4729-42E3-91E8-CD038367F929}\UDN Mappings]@DACL=(02 
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{79297396-86F9-45A4-8595-6EBD33534F99}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7C228060-5126-4CE8-86EA-39572F9B0966}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7C415F1E-9532-42E1-8EE3-C09B8118FFA7}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7D8610CF-7711-499F-BFC2-593E4DFA47E0}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7DFD28B7-756E-4417-9FA0-3AE313B9DD69}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7E6E8EEE-E9EB-4B7B-93FF-EB783DC86FC4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{7FE8176B-3878-4212-A9D8-3CFA35447AAA}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8259FF51-C7D8-43EC-8C40-7577F9D51AEB}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8269806A-ACF8-4CE1-8762-D4FC7BC1A5E7}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{829433AF-1E4A-4D38-94B4-1F59D8977337}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{82C1C439-C733-4FD0-AC36-BD41EA2DB150}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{83A303B1-EEA1-4E9D-85F3-CF4082CE0AFD}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{84720A9D-B613-4805-8A1E-E4A099D4EC8F}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{85E2C8B8-3C8B-4DA9-89AB-4ADF9F7E1CB6}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Host\Description\{85E8257C-7978-40D9-A106-6DB9748AA303}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{85F109B8-006E-48A9-BA79-65CF1E6DBB71}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{869A1F1E-4301-497A-8462-4695E33EFBC4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{877EE3FC-8EA3-452B-9B3B-3A3E84777A71}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{881F4467-183D-4F3E-A977-C5335AC5EC8C}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{885122A9-959F-4470-A70B-B20241FCED94}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{88F1D1C4-39AB-4D9A-B4A6-879A2B2F6D75}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{89A85667-6A63-4889-90BA-97B153DF03CF}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8AFA7AB2-5908-48B9-917F-503FD84C84B9}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8BA20471-F31C-46DC-88C2-30C970B82F3F}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8C231C4E-41A6-46B3-8225-BE8A703180BE}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8CB8EF34-776F-4A36-86FA-5ABE56EBD933}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8DA0AAA1-FD6C-43F1-8431-81743DA09B82}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8F19F0FD-AEE0-4ADB-AA91-6507BD2A541E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{8F76837C-65D1-4E44-A391-BF97D6561AF0}\UDN Mappings]@DACL=(02 
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{905CD670-6E2D-420B-8BDE-E53D39882EF1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{90AFA9D4-05B5-4825-9884-458361B26005}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{9138BC82-33C0-49C1-8A0F-B944B75A3D89}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{918FAA38-5E95-46A4-B630-7B15B17029B8}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{9358035D-763C-49BC-9A74-1316326D39A7}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{94C4497E-59D9-490E-9F0D-2F9D29ACA8E4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{98507E2C-88F2-4324-B048-391E9CDE26CC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{9AD376A6-A85A-40FD-BD35-657DF4733CF1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{9C77F99F-812C-4B84-92EF-D70676F2B625}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{9D072C71-10F2-4CC3-AB67-459B5B8BA2D1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{9EA4DA87-BB6F-4912-A837-34E57965D3AB}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A04ACA83-4A2E-483C-8B48-2C9A057E06B9}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A1D33AF2-6053-4FB1-A5E9-7ABA109DB7CC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A2B48264-DC8D-416E-B0BB-EFD96B46ADFF}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Host\Description\{A2C6E160-5CB4-43EF-BE0F-D6B6BD336EBD}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A4343B97-4F86-49E9-95E7-F91FE80E6192}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A6673B88-BC32-44BA-AB23-34667EF3DA02}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A83946C2-4AFC-48C8-8E48-23980A5DD610}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A859A3BC-4221-4728-870E-F55583FBBBD2}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{A9F12317-29BE-4626-AE94-275D892E8FF6}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{AB9B4031-02C4-4F9D-8EF1-6C4DDFDC9727}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{AEA76D79-F42F-4DDA-B779-6C247FF918D9}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{AF521F43-5512-4EC4-B475-0981F7E6360A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B056990F-DAC5-4C64-8556-A8C58E88E7FB}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B07FE61D-BCC5-404C-A17D-5096F685C052}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B14A2867-DA18-434F-AEA4-94B2192489F0}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B14AE228-4730-47DD-8244-C70E6AFC33C3}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B25D47D0-54B0-493B-82D3-E5A1FE6D266F}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B40B048F-DA24-401C-92EE-2E4EB5D989B4}\UDN Mappings]@DACL=(02 
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B50BB066-83C7-4C71-80C3-C23BA3FCC430}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B5E767E7-B52B-41A3-9AB7-399BAFE847A8}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B7F041BB-3B85-4D1B-BCB0-0187FB610B0A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{B9A7402F-346C-41DF-BB58-DE486D662DB3}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{BA8BFBF2-89C4-4C26-97A4-8F5E198599BE}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{BB597CC8-CCF1-4D83-BC8E-CC4C8C636610}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{BE438D35-9C6B-464B-9B27-0E4E2458759F}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{BEFC008B-C803-4567-966D-7A300CA63994}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C0E7576C-302F-49FE-A766-E8DAC477657A}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C0FE5A5B-AB4A-442D-A69D-59399FCF2156}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C14B85A2-E0ED-4D39-BF36-69F7B65BB7A4}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C14BC95F-9FE4-4D20-9EBB-B6D9904FFD5E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C3B868A0-051C-42B4-8ADC-7FF06DFDA8D6}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C47D744E-7709-4EC1-9FA1-4AEFCD6F5921}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Host\Description\{C51CB415-D293-4601-BEB1-075EFE47A131}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C61F7B47-529F-41AA-BD3D-97BB766C06E5}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C63EB040-F4F5-4778-95D7-02922037DFFC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C6E5EE2F-F7AE-47FF-AED1-F82E8890AA05}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C6EA41AE-F7BB-4852-8FCF-DC8AFE2D2968}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C725C073-23EB-4C70-A545-C56925E1AC27}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{C9584063-39E2-4DB3-BF04-93C791206193}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{CB9517EF-891F-49D4-87AF-C9EFB1E0C8EC}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{CCA00D19-054C-4671-A0B4-9030173F9AD1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{CCB0C970-DDA4-4E51-B4FF-F7F55D5B0C45}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{CD5291A3-1302-4DE7-8CEF-06FFC6F2056E}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{CDDBD0C5-D7E1-4788-AFC2-284A1995AD82}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{CF964093-850E-46F6-BBE3-5D3B2705ADA9}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D1331393-D075-417F-8D8B-944211DDFE41}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D138F2EA-E68D-46E2-B070-DD5715E4E1A7}\UDN Mappings]@DACL=(02 
0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D2C4BE59-3379-47D6-9E13-4B9EAEEC4419}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D2F4EC82-6C2B-4512-AC09-C4DE090ACDBE}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D31DFABC-1163-4C61-A6FA-941F4B78F714}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D353AE09-E870-4817-9237-76FCBAF21514}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D3561868-AEE6-4DA9-9A11-EF5E0089E2AF}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D45106F3-C5AD-4FC7-857D-11744A8B1EF6}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D49C52D5-4800-4594-8D79-06E6CB4724FE}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D4F108AC-EB73-4B3A-BA70-5CDC408D1507}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D4F615DE-649E-424B-8278-2EC729A82611}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D511A498-81D2-4724-9654-AA025DFF4555}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D55ACEC0-96E9-4FA5-831B-9811DCDF7E15}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D60EA846-1A26-49D6-AA0F-81B4F1C4B51B}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D6724E42-8FE8-4F94-AABB-B72982E932D2}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device Host\Description\{D675E4FF-3919-4DA2-8DC3-9F536B1B63B1}\UDN Mappings]@DACL=(02 0000).[HKEY_LOCAL_MACHINE\software\Microsoft\UPnP Device 
Completion time: 2012-12-10 22:14:44
ComboFix-quarantined-files.txt 2012-12-10 22:14
ComboFix2.txt 2012-12-09 15:33
.
Pre-Run: 93,995,282,432 bytes free
Post-Run: 94,008,094,720 bytes free
.
- - End Of File - - D83BFD1CD56C4FFF77A093157E21023E
Yockie Posted December 11, 2012
etavares, I have no idea why all came out so squashed in my previous message, apologies for that.
etavares Posted December 11, 2012
The board is acting weird. It's loading extremely slow for me and giving a few errors here or there. Please try attaching the log, that might make it more readable.
Yockie Posted December 11, 2012
Let's try this way, I divided the log into 2 parts A and B.
etavares Posted December 12, 2012
That's better. At this point, please launch OTL like before and press Quick Scan and post the resulting log.
-etavares
Yockie Posted December 12, 2012 (edited)
all squashed again,
Edited December 12, 2012 by Yockie
Yockie Posted December 12, 2012
all squashed again, let's try with attachments again
etavares Posted December 13, 2012
Hello, Yockie. Almost done, I think.

Step 1
Next, we need to update Java. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 7 Update 9 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version. Save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version(s) shown below:
Java 6 Update 31
Java 7 Update 7
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the java file you downloaded to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

Step 2
We need to create an OTL report.
Please download OTL from this link. (If that link doesn't work, try this alternate link.)
Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
Click the "Scan All Users" checkbox.
Select "Use Safelist" under "Extra Registry".
Under the Custom Scan box paste this in:
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.sys /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Click the Quick Scan button. The scan should take a few minutes.
Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

Step 3
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 4
I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
etavares
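The check behind Step 1 of the post above, as an added example that is not part of the original thread: it takes program names as they appear in Add/Remove Programs and flags Java entries older than the JRE 7 Update 9 baseline the post names. The function names, the display-name pattern and the sample list are assumptions made for this example.

```python
import re

# Baseline named in Step 1 of the post: JRE 7 Update 9.
BASELINE = (7, 9)

# Display-name pattern (an assumption based on common Add/Remove Programs
# entries): "Java(TM) 6 Update 31", "Java 7 Update 7", "Java 7",
# "J2SE Runtime Environment 5.0 Update 6", optional "(64-bit)" suffix.
JAVA_NAME = re.compile(
    r"""^(?:Java(?:\(TM\))?(?:\s+SE)?(?:\s+Runtime\s+Environment)?
           |J2SE\s+Runtime\s+Environment)
        \s+(?P<major>\d+)(?:\.0)?
        (?:\s+Update\s+(?P<update>\d+))?
        (?:\s+\(64-bit\))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)


def parse_java_version(display_name):
    """Return (major, update) for a JRE display name, or None if it is not one."""
    m = JAVA_NAME.match(display_name.strip())
    if m is None:
        return None  # not a runtime entry, e.g. "Java Auto Updater"
    return int(m.group("major")), int(m.group("update") or 0)


def outdated_java(display_names, baseline=BASELINE):
    """List (name, version) for every JRE entry older than the baseline.

    Versions are compared as integer tuples, so 6 Update 31 sorts below
    7 Update 7, and 7 Update 10 sorts above 7 Update 9; comparing the
    names as strings gets the second case wrong.
    """
    found = []
    for name in display_names:
        version = parse_java_version(name)
        if version is not None and version < baseline:
            found.append((name, version))
    return found


# Constructed sample: the two versions the post lists for removal plus
# made-up neighbours that should not be flagged.
SAMPLE_PROGRAMS = [
    "Java(TM) 6 Update 31",
    "Java 7 Update 7",
    "Java 7 Update 9",
    "Java 7 Update 10",
    "Java Auto Updater",
    "Microsoft Security Essentials",
]

if __name__ == "__main__":
    for name, (major, update) in outdated_java(SAMPLE_PROGRAMS):
        print(f"remove: {name} (parsed as {major}u{update})")
```

Names the pattern does not recognise are skipped rather than guessed at, so anything Java-related that falls outside it still needs a manual look in the program list.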
Yockie Posted December 14, 2012
Hi etavares,
Thank you very much for overestimating my PC abilities. LOL. :-) :-) :-) I tried to follow all four steps, but turns out it was with variable precision. I am not sure whether I have 32 or 64 bits IE, but looked up on the net and decided that mine is 32.
On the OTL it came as one log, as I didn't press Quick scan, but Run scan. The second one seemed good, but the third one did not come up at all as you said, but with some different icons and options. As you have the strict pattern to pay me attention once a day only, I didn't want to waste today for just asking you the silly question - "do I do it right" (I suspected I do not anyway) and decided to just do it 50-50 your and my way. I made print screen pictures, because I thought this will make you deal with that easily. I made it PDF, as word file was too big, but if you want - I can send the word file to you as well.
Please, let me know how acceptable was my work today to you.
Thanks.
P.S. I've attached the logs, as opposed to write them out in the post, as everything I write seems to come out squashed, so I thought I bet on the safe side this time and just do attachments.
etavares Posted December 14, 2012
Hi Yockie,
No worries, it looks like I need to run ESET and update my speeches, they must have updated it. You did it right so far. Did ESET find anything or is it still running?
-etavares
Yockie Posted December 14, 2012
Hi etavares,
You can see all the process of ESET on the pdf file I attached in the previous post. As I didn't know how to preserve it for you (it didn't indicate that will produce a log) - I did Prt Scr in several stages of the ESET scan, + in the end you can see the result in the last 2-3 Prt Scr. It did find 10 some-things-I-didn't-understand-what, and I clicked to delete them (oops ?? or...?)
Please, have a look at my pdf file, or I can send word file as well, but it's too big for attachment.
etavares Posted December 15, 2012
Hi Yockie,
Sorry, I only saw the first page! It looks like you had a bunch of poisoned Java files. That's why it's important to keep Java updated. They're fine now that they are deleted. How is your computer running at this point? If good, we'll clean up our tools next.
Also, did you have AVG installed at one point? I see some signs in the log. We may need to run the uninstaller. Let me know.
-etavares
Yockie Posted December 15, 2012
Hi etavares,
1. I will number my post, as I can't manage to separate the lines here,
2. I never update Java, I thought it updates itself, is it not??
3. I had AVG, my son is firm fan, but I removed it (I thought I did) and now I have Microsoft Essentials. Pls, have a look at the attachment, I made print screen of my programs, and there is no AVG there. If it hides somewhere else - pls, tell me :):):)
4. tell me how to remove the tools, as I don't know which tools and how to remove them, when the time comes.
5. Thank you for the help, if I missed to say that so far :)