Trojan virus infected and stopped internet usage and windows explorer. C


Post by blumes on Fri 15 Oct 2010, 12:19 pm

I recently had a "Windows Essential Security Alert" come up to tell me that I had a trojan infection on the computer. The apparent Windows program had a button to deal with these issues, but when clicked nothing happens at all. I'm guessing this program is part of the virus itself and is only making the situation worse. Now I cannot use Windows Explorer or get on the internet in any way. I then used Malwarebytes to clean out the trojan, but the programs will only run in safe mode. Help.

blumes

Newbie Surfer

Posts : 20
Joined : 2010-10-15
Operating System : windows vista


Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by Belahzur on Sat 16 Oct 2010, 9:49 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by blumes on Sat 16 Oct 2010, 5:04 pm

OTL logfile created on: 10/16/2010 1:58:54 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\blumes\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 230.85 Gb Free Space | 82.61% Space Free | Partition Type: NTFS
Drive D: | 410.87 Gb Total Space | 410.69 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive G: | 37.24 Gb Total Space | 1.32 Gb Free Space | 3.55% Space Free | Partition Type: FAT32

Computer Name: BLUMES-PC | User Name: blumes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 01:58:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\blumes\Desktop\OTL.exe
PRC - [2010/10/05 08:36:16 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 12:50:43 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2010/07/15 09:52:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 14:42:16 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/02/04 16:38:06 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/27 04:38:22 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/05/21 21:21:18 | 000,890,368 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
PRC - [2009/05/12 12:36:18 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/05/16 03:57:38 | 000,615,424 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
PRC - [2008/05/09 11:41:42 | 001,211,904 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
PRC - [2008/02/15 15:07:48 | 000,196,608 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2007/11/12 07:47:46 | 000,410,624 | ---- | M] () -- C:\Program Files\ASUS\AI Manager\Page\iGear\GearHelp.exe
PRC - [2007/08/17 07:50:00 | 000,483,144 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
PRC - [2007/06/05 09:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2007/04/11 13:34:22 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe


========== Modules (SafeList) ==========

MOD - [2010/10/16 01:58:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\blumes\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/23 12:50:43 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/07/15 09:52:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/15 09:52:46 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/04 16:38:06 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/15 15:07:48 | 000,196,608 | ---- | M] (ASUSTeK) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2007/06/05 09:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/15 09:52:53 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 09:52:47 | 000,027,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\AVGIDSva.sys -- (AVGIDSErHrvta)
DRV:64bit: - [2010/07/15 09:52:21 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/03 09:42:09 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/14 09:36:23 | 000,056,008 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2009/12/31 16:54:50 | 000,029,976 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2009/09/23 08:55:23 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/04/18 06:22:06 | 007,876,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/10 02:38:04 | 000,128,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/03/03 14:19:04 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/02/21 06:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/17 07:32:00 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\l160x64.sys -- (AtcL001)
DRV:64bit: - [2007/11/21 07:18:58 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2007/06/20 09:49:34 | 000,053,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2006/10/31 11:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/07/15 09:52:47 | 000,132,688 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys -- (AVGIDSDrivervta)
DRV - [2010/07/15 09:52:47 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys -- (AVGIDSFiltervta)
DRV - [2008/01/04 09:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
DRV - [2004/12/23 00:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "stereomood.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/27 04:46:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/23 13:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/03 09:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 21:06:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 21:06:12 | 000,000,000 | ---D | M]

[2009/12/02 16:27:35 | 000,000,000 | ---D | M] -- C:\Users\blumes\AppData\Roaming\Mozilla\Extensions
[2010/10/15 21:16:17 | 000,000,000 | ---D | M] -- C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Profiles\hsmfrmvc.default\extensions
[2010/05/04 23:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Profiles\hsmfrmvc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/22 00:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Profiles\hsmfrmvc.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/14 19:53:30 | 000,000,000 | ---D | M] -- C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Profiles\hsmfrmvc.default\extensions\searchimdb@sogame.cat
[2010/10/14 21:02:14 | 000,001,238 | ---- | M] () -- C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Profiles\hsmfrmvc.default\searchplugins\facebook.xml
[2010/10/14 21:02:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\blumes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\blumes\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/14 10:33:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/16 01:58:16 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\blumes\Desktop\OTL.exe
[2010/10/15 03:08:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 21:54:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 21:54:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 21:54:00 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 21:53:45 | 010,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 21:53:42 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 21:53:15 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 21:53:14 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 21:53:14 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/14 21:53:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/10/14 21:53:11 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 21:53:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 21:53:11 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/14 21:53:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/10/14 21:53:03 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 21:53:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 21:52:55 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 20:00:47 | 000,000,000 | ---D | C] -- C:\Users\blumes\AppData\Roaming\Malwarebytes
[2010/10/14 20:00:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/14 20:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/14 20:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/14 16:31:30 | 000,000,000 | ---D | C] -- C:\Windows\pss

========== Files - Modified Within 30 Days ==========

[2010/10/16 01:58:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\blumes\Desktop\OTL.exe
[2010/10/16 01:56:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/16 01:56:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 21:09:05 | 000,000,000 | ---- | M] () -- C:\Users\blumes\AppData\Local\prvlcl.dat
[2010/10/15 19:59:59 | 000,624,891 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/10/15 19:59:58 | 066,440,372 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/15 19:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 03:31:10 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/15 03:31:10 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/15 03:31:10 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/15 03:25:21 | 000,403,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/15 03:25:11 | 4285,718,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 03:24:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/14 20:00:38 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/06 00:35:15 | 000,002,341 | ---- | M] () -- C:\Users\blumes\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/27 12:38:34 | 000,022,395 | ---- | M] () -- C:\Users\blumes\Documents\untitled_0.odt
[2010/09/23 12:45:51 | 000,023,131 | ---- | M] () -- C:\Users\blumes\Desktop\Untitled 1alec.odt
[2010/09/22 11:46:17 | 000,017,408 | ---- | M] () -- C:\Users\blumes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/20 08:14:32 | 000,316,416 | ---- | M] () -- C:\Windows\SysNative\msshsq.dll
[2010/09/20 05:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/09/19 08:23:41 | 000,012,884 | ---- | M] () -- C:\Users\blumes\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2010/10/15 03:08:01 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 21:54:06 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2010/10/14 21:54:01 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 21:53:58 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 21:53:54 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/10/14 21:53:48 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/10/14 21:53:42 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 21:53:18 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/10/14 21:53:17 | 005,692,928 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/10/14 21:53:16 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 21:53:14 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 21:53:13 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/10/14 21:53:12 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/10/14 21:53:12 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/10/14 21:53:12 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/10/14 21:53:12 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/10/14 21:53:12 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/10/14 21:53:12 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 21:53:11 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/10/14 21:53:11 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/10/14 21:53:11 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/10/14 21:53:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/10/14 21:53:10 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/10/14 21:53:10 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/14 21:53:04 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/10/14 21:53:04 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2010/10/14 21:53:04 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/10/14 21:53:04 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/10/14 21:53:03 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/10/14 21:53:03 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2010/10/14 21:52:56 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/10/14 21:52:55 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 21:38:49 | 4285,718,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/14 20:00:38 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 20:00:35 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/28 16:01:40 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/28 01:05:41 | 000,022,395 | ---- | C] () -- C:\Users\blumes\Documents\untitled_0.odt
[2010/09/23 12:45:49 | 000,023,131 | ---- | C] () -- C:\Users\blumes\Desktop\Untitled 1alec.odt
[2010/09/16 14:15:17 | 000,024,851 | ---- | C] () -- C:\Users\blumes\Documents\TWIG%20%232.odt_0.odt
[2010/05/24 17:58:52 | 000,402,054 | ---- | C] () -- C:\Users\blumes\AppData\Local\dd_vcredistMSI298B.txt
[2010/05/24 17:58:52 | 000,011,422 | ---- | C] () -- C:\Users\blumes\AppData\Local\dd_vcredistUI298B.txt
[2010/05/06 21:47:58 | 000,000,680 | ---- | C] () -- C:\Users\blumes\AppData\Local\d3d9caps.dat
[2010/04/28 20:29:15 | 000,000,000 | ---- | C] () -- C:\Users\blumes\AppData\Local\prvlcl.dat
[2010/02/24 20:57:32 | 000,000,000 | ---- | C] () -- C:\Users\blumes\AppData\Roaming\wklnhst.dat
[2009/12/27 04:38:02 | 000,001,245 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/06 13:50:34 | 000,017,408 | ---- | C] () -- C:\Users\blumes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 18:11:57 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\398947A8E1.sys
[2009/12/02 18:11:56 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2008/10/31 08:30:12 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/10/31 08:30:12 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/10/31 08:30:02 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008/10/31 08:30:02 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008/10/31 08:14:15 | 000,029,214 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/10/31 08:14:09 | 000,028,587 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/07/31 23:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >

blumes

Newbie Surfer

Posts : 20
Joined : 2010-10-15
Operating System : windows vista


Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by blumes on Sat 16 Oct 2010, 5:05 pm

OTL Extras logfile created on: 10/16/2010 1:58:54 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\blumes\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 230.85 Gb Free Space | 82.61% Space Free | Partition Type: NTFS
Drive D: | 410.87 Gb Total Space | 410.69 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive G: | 37.24 Gb Total Space | 1.32 Gb Free Space | 3.55% Space Free | Partition Type: FAT32

Computer Name: BLUMES-PC | User Name: blumes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E4F43A9-6928-440D-9F5F-DA2314112277}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15155B62-8873-4FC2-AB30-A09356F524B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{19D2D02B-708A-460D-B4D5-4FB5546E2F60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{22A68360-F537-424E-866D-D10B352F0332}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{463E8A57-B144-4564-AD8A-DEB78AA45AB7}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{4C7DC1FA-E451-4467-A688-256A64D40E16}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4C9708A7-0B8F-44D3-84DF-E7135BA613CA}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{6A3C23D5-25E4-46E1-AC6B-8F4FB141BE00}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{70D7DE18-1F51-459D-B375-92CC25ACB25E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{79AF1195-9886-4D94-A12D-320FF8C7BF54}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F8A5CC6-B940-44BB-8493-9843F87EFBE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{8B2B41C9-3463-493B-80CF-18CB66FB4927}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{937B3161-8D81-406A-97CE-2DB96CE975FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{940A8345-3CB9-4B48-A82D-F609078D73DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{987E4B5F-DBC2-429F-9EB6-65EFB6D7EF77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AA036FDA-31E8-4DFE-835E-C2009AAF3EDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{AB1AE2C2-C565-4D82-A855-4B8A65856EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AE1DA280-1F76-4E39-B381-3EB171A79C37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C1EED6F8-06C4-448C-ABD6-78C782DBA00D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{C31CBB44-13F3-4AFD-BB1C-DB888A7E36F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{D3AE7953-19F2-4C64-806E-DCF3EEC37BDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{DB8817EA-3C88-440D-BC36-D270A392078E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E81FB85B-BD59-4853-979A-6C7EEB4E5BE9}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{F655863F-9C1D-444C-AB67-A4B1ADC2CB83}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{D30DDCDF-9B06-4204-AD03-BE80812633D4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{E6EC62DD-769F-465A-9A6A-FC4CD54606A1}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{9B9644B9-AE96-478E-9988-06F5EB769447}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{A28AC660-23C5-4A5E-BC70-AE305184E116}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Atheros Ethernet Utility
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.56.01
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROHYBRIDR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROHYBRIDR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_PROHYBRIDR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROHYBRIDR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0405-1000-0000000FF1CE}_PROHYBRIDR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0415-1000-0000000FF1CE}_PROHYBRIDR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROHYBRIDR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_PROHYBRIDR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF85141C-7980-4CB4-B19D-7680731135EC}" = BlackBerry Desktop Software 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{EF85141C-7980-4CB4-B19D-7680731135EC}" = BlackBerry Desktop Software 5.0
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"PROHYBRIDR" = 2007 Microsoft Office system
"VLC media player" = VLC media player 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2010 12:51:36 AM | Computer Name = blumes-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3909 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13e0 Start Time: 01cb585c39ae0320 Termination Time: 21

Error - 9/20/2010 12:51:36 AM | Computer Name = blumes-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, time
stamp 0x4c8fdc89, faulting module xul.dll, version 1.9.2.3909, time stamp 0x4c8fdc41,
exception code 0xc0000005, fault offset 0x006f678c, process id 0xfcc, application
start time 0x01cb585cb81e7370.

Error - 9/21/2010 1:06:33 AM | Computer Name = blumes-PC | Source = System Restore | ID = 8193
Description =

Error - 9/21/2010 8:43:21 PM | Computer Name = blumes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/21/2010 8:44:18 PM | Computer Name = blumes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/22/2010 12:46:14 AM | Computer Name = blumes-PC | Source = System Restore | ID = 8193
Description =

Error - 9/22/2010 11:45:48 AM | Computer Name = blumes-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/23/2010 12:18:40 AM | Computer Name = blumes-PC | Source = System Restore | ID = 8193
Description =

Error - 9/23/2010 12:50:13 PM | Computer Name = blumes-PC | Source = System Restore | ID = 8193
Description =

Error - 9/23/2010 12:51:15 PM | Computer Name = blumes-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 10/14/2010 9:37:29 PM | Computer Name = blumes-PC | Source = DCOM | ID = 10005
Description =

Error - 10/14/2010 9:37:36 PM | Computer Name = blumes-PC | Source = DCOM | ID = 10005
Description =

Error - 10/14/2010 9:37:36 PM | Computer Name = blumes-PC | Source = DCOM | ID = 10005
Description =

Error - 10/14/2010 9:37:44 PM | Computer Name = blumes-PC | Source = DCOM | ID = 10005
Description =

Error - 10/14/2010 9:38:25 PM | Computer Name = blumes-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/14/2010 9:38:53 PM | Computer Name = blumes-PC | Source = HTTP | ID = 15016
Description =

Error - 10/14/2010 9:41:23 PM | Computer Name = blumes-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 10/15/2010 3:24:57 AM | Computer Name = blumes-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/15/2010 3:25:57 AM | Computer Name = blumes-PC | Source = HTTP | ID = 15016
Description =

Error - 10/15/2010 3:27:02 AM | Computer Name = blumes-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

blumes

Newbie Surfer

Posts : 20
Joined : 2010-10-15
Operating System : windows vista
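How a helper reads the Shell Spawning section of the Extras log above, as an added example that is not part of this thread and not OTL's own code. Rogue "security alert" programs commonly repoint the exefile/comfile/batfile open command at their own binary so that they run before any program the user starts, which is one usual cause of the "programs only work in Safe Mode" symptom; in the log above both hives still show the Windows default `"%1" %*`. The script parses that section of an Extras.txt and reports any executable class whose open command is not the default. The sample log is a constructed excerpt: its 64-bit entries are copied from the log above, and the 32-bit exefile entry pointing at rogue.exe is invented to show what a hijack looks like. OTL's "File not found" annotation beside `"%1" %*` is not a finding by itself, since that default command contains no executable path to resolve.

```python
"""Flag hijacked file-type handlers in the 'Shell Spawning' section of an
OTL Extras log.  Added example, not part of the thread and not OTL code.
"""
import re

# Windows' default shell\open\command for the executable classes.  Each
# default runs the file named by %1 directly, so it names no program of
# its own; a rogue that wants to run first replaces it with something like
#   "C:\...\rogue.exe" /START "%1" %*
DEFAULT_OPEN = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# OTL writes:  <class> [<verb>] -- <command> (<company>)   or
#              <class> [<verb>] -- <command> File not found
# The annotation is stripped here; for the defaults above "File not found"
# merely means there was no executable path to look up.
ENTRY_RE = re.compile(
    r"^(?P<cls>\w+)\s+\[(?P<verb>\w+)\]\s+--\s+(?P<cmd>.*?)"
    r"(?:\s+\((?P<company>[^)]*)\)|\s+File not found)?\s*$"
)


def parse_shell_spawning(text):
    """Yield (hive, class, verb, command) for every entry in the section."""
    hive, in_section = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):        # any section header
            in_section = "Shell Spawning" in line
            continue
        if not in_section or not line:
            continue
        if line.startswith("64bit: ["):          # native (64-bit) hive
            hive = "64bit"
            continue
        if line.startswith("["):                 # WOW64 (32-bit) hive
            hive = "32bit"
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield hive, m["cls"], m["verb"], m["cmd"]


def find_hijacked_handlers(text):
    """Return (hive, class, command) for open handlers that are not default."""
    return [(hive, cls, cmd)
            for hive, cls, verb, cmd in parse_shell_spawning(text)
            if verb == "open" and cls in DEFAULT_OPEN and cmd != DEFAULT_OPEN[cls]]


# Constructed excerpt: the 64-bit entries are copied from the Extras log in
# this thread; the 32-bit exefile entry pointing at rogue.exe is invented
# to show what a hijacked handler looks like.
SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
scrfile [open] -- "%1" /S File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\victim\AppData\Local\rogue.exe" /START "%1" %* ()
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""


if __name__ == "__main__":
    for hive, cls, cmd in find_hijacked_handlers(SAMPLE_LOG):
        print(f"{hive} {cls} open handler is not default: {cmd}")
```

To run it over a real report, pass the text of Extras.txt to `find_hijacked_handlers`; an empty result means every executable class still has its default open command in both hives, which is what the log above shows.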

Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by Belahzur on Sun 17 Oct 2010, 10:57 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Belahzur

Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by blumes on Tue 19 Oct 2010, 12:22 pm

Malwarebytes' Anti-Malware 1.46

Database version: 4825

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

10/16/2010 11:21:34 PM
mbam-log-2010-10-16 (23-21-34).txt

Scan type: Quick scan
Objects scanned: 145007
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

blumes

Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by Belahzur on Wed 20 Oct 2010, 10:22 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.

Belahzur

Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by blumes on Wed 20 Oct 2010, 1:20 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: P5K3L
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 161):
0x0204E000 \SystemRoot\system32\ntoskrnl.exe
0x02008000 \SystemRoot\system32\hal.dll
0x00605000 \SystemRoot\system32\kdcom.dll
0x0060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0063C000 \SystemRoot\system32\PSHED.dll
0x00650000 \SystemRoot\system32\CLFS.SYS
0x006AD000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\drivers\volmgr.sys
0x0075F000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B6000 \SystemRoot\system32\drivers\intelide.sys
0x009BE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CE000 \SystemRoot\system32\drivers\pciide.sys
0x009D5000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E8000 \SystemRoot\system32\drivers\atapi.sys
0x007C5000 \SystemRoot\system32\drivers\ataport.SYS
0x00A03000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A49000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5D000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x00A72000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C08000 \SystemRoot\system32\drivers\ndis.sys
0x00AF9000 \SystemRoot\system32\drivers\msrpc.sys
0x00B49000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E03000 \SystemRoot\System32\drivers\tcpip.sys
0x00F77000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01007000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118B000 \SystemRoot\system32\drivers\volsnap.sys
0x011CF000 \SystemRoot\System32\Drivers\spldr.sys
0x011D7000 \SystemRoot\System32\Drivers\mup.sys
0x00FA3000 \SystemRoot\System32\drivers\ecache.sys
0x011E9000 \SystemRoot\system32\drivers\disk.sys
0x00FCF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00DCB000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DD5000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x00DE2000 \SystemRoot\System32\Drivers\AVGIDSva.sys
0x00BAD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00BBA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00BC3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02009000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02A01000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02AE0000 \SystemRoot\System32\drivers\watchdog.sys
0x02AEF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02AFB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02B41000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02B52000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02B65000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x02BCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02BE9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0278D000 \SystemRoot\system32\DRIVERS\l160x64.sys
0x0279F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x027B1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x027C1000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x027E1000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x00BD6000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x02BF6000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x02802000 \SystemRoot\system32\DRIVERS\itecir.sys
0x0285C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02894000 \SystemRoot\system32\DRIVERS\storport.sys
0x028F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x028FE000 \SystemRoot\System32\Drivers\RootMdm.sys
0x02906000 \SystemRoot\system32\drivers\modem.sys
0x02915000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02938000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02944000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02975000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02985000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x029A3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x029BB000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x029C3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x029D5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x029E3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x029EF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02C03000 \SystemRoot\system32\DRIVERS\ks.sys
0x02C37000 \SystemRoot\system32\DRIVERS\circlass.sys
0x02C48000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C53000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02C63000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02CAA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04007000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0416A000 \SystemRoot\system32\drivers\portcls.sys
0x041A5000 \SystemRoot\system32\drivers\drmk.sys
0x041C8000 \SystemRoot\system32\drivers\ksthunk.sys
0x041CE000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x041F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02CBE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02CD0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x041FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02CD8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02D09000 \SystemRoot\system32\DRIVERS\hidir.sys
0x02D14000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02D1F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02D29000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x02D39000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x02D44000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x02D54000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x02D7C000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x02D86000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x02D90000 \SystemRoot\System32\Drivers\Null.SYS
0x02D99000 \SystemRoot\System32\drivers\vga.sys
0x02DA7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02DCC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02DD5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DDE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02DE9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x029F1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x00BED000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x04203000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04220000 \SystemRoot\system32\DRIVERS\smb.sys
0x0423B000 \SystemRoot\System32\Drivers\avgtdia.sys
0x0428C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x042D0000 \SystemRoot\system32\drivers\afd.sys
0x0433D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0435B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0436A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04385000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043D3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043DF000 \SystemRoot\System32\Drivers\dfsc.sys
0x027F6000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x04408000 \SystemRoot\System32\Drivers\avgldx64.sys
0x0444F000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x04456000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0448B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04499000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x044A5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x044AD000 \SystemRoot\System32\drivers\Dxapi.sys
0x044B9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00660000 \SystemRoot\System32\cdd.dll
0x044CC000 \SystemRoot\system32\drivers\luafv.sys
0x044EE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04502000 \SystemRoot\system32\drivers\spsys.sys
0x0459C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x045D0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x045DB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x045F3000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys
0x15C04000 \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys
0x15C31000 \SystemRoot\system32\drivers\HTTP.sys
0x15CD0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x15CF9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x15D17000 \SystemRoot\System32\drivers\mpsdrv.sys
0x15D31000 \SystemRoot\system32\drivers\mrxdav.sys
0x15D58000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x15D81000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x15DCA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x15E04000 \SystemRoot\System32\DRIVERS\srv2.sys
0x15E36000 \SystemRoot\System32\DRIVERS\srv.sys
0x15ECC000 \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys
0x15ED1000 \SystemRoot\system32\drivers\peauth.sys
0x15F87000 \SystemRoot\System32\Drivers\secdrv.SYS
0x15F92000 \SystemRoot\System32\drivers\tcpipreg.sys
0x15FA1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x008A0000 \SystemRoot\System32\ATMFD.DLL
0x15FE6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x77CB0000 \Windows\System32\ntdll.dll

Processes (total 84):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
496 csrss.exe
528 C:\Windows\System32\wininit.exe
548 csrss.exe
556 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
564 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
624 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
664 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\services.exe
852 C:\Windows\System32\lsass.exe
860 C:\Windows\System32\lsm.exe
484 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\audiodg.exe
1216 C:\Windows\System32\SLsvc.exe
1312 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\taskeng.exe
1792 C:\Windows\System32\spoolsv.exe
2040 C:\Windows\System32\svchost.exe
1580 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1472 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1932 C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
2000 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1292 C:\Windows\System32\svchost.exe
1952 C:\Windows\SysWOW64\AsHookDevice.exe
2100 C:\Windows\SysWOW64\svchost.exe
2316 C:\Windows\System32\svchost.exe
2328 C:\Windows\SysWOW64\PSIService.exe
2484 C:\Windows\System32\svchost.exe
2536 C:\Windows\System32\svchost.exe
2564 C:\Windows\System32\SearchIndexer.exe
2584 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
3124 WmiPrvSE.exe
3092 WmiPrvSE.exe
2916 C:\Windows\System32\dwm.exe
1836 C:\Windows\System32\taskeng.exe
3408 C:\Windows\explorer.exe
3384 C:\Windows\System32\igfxtray.exe
2012 C:\Windows\System32\hkcmd.exe
3760 C:\Windows\System32\igfxpers.exe
452 C:\Windows\RAVCpl64.exe
2980 C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
3332 C:\Program Files (x86)\uTorrent\uTorrent.exe
1980 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3944 C:\Program Files\Windows Sidebar\sidebar.exe
2304 C:\Program Files\Windows Media Player\wmpnscfg.exe
3472 C:\Windows\System32\igfxsrvc.exe
4100 C:\Program Files\Windows Media Player\wmpnetwk.exe
4128 C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
4136 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
4336 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
4364 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
4372 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
4480 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4500 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
4520 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
5068 C:\Program Files\iPod\bin\iPodService.exe
2904 C:\Windows\System32\wbem\unsecapp.exe
3336 C:\Windows\System32\wuauclt.exe
3256 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4900 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
1520 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
3496 C:\Program Files\ASUS\AI Manager\Page\iGear\GearHelp.exe
4040 C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
2988 C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
1708 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
6116 C:\Windows\SysWOW64\notepad.exe
6112 C:\Windows\System32\svchost.exe
5936 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
5432 unsecapp.exe
6408 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
5300 C:\Program Files (x86)\iTunes\iTunes.exe
3752 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6816 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
5764 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5360 C:\Windows\System32\SearchProtocolHost.exe
4168 C:\Windows\System32\SearchFilterHost.exe
5596 C:\Users\blumes\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`13727800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`f0ccfa00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3750528AS, Rev: CC35
PhysicalDrive1 Model Number: WDC WD400UE-00HCT0, Rev:

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
37 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 2B41E18B8F279756763A2F82EF5848EACA2DC882


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

blumes

Re: Trojan virus infected and stopped internet usage and windows explorer. C

Post by Belahzur on Thu 21 Oct 2010, 10:26 am

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:



  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:

  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

  • How to use the Recovery Console
  • How to fix MBR in Windows XP and Vista


Belahzur
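The MBRCheck output and the option-2 fix above boil down to three operations on the first 512-byte sector of a disk: hash the boot code and compare it with a known-good list, decode the partition table, and, if the code is unknown, overwrite only the code while leaving the disk signature and partition entries untouched. The following is an added example written for this thread, not MBRCheck's own code or output. It assumes the boot code occupies bytes 0..439 of the sector (the hashed region MBRCheck uses is not stated on the page), and its "standard" and "hostile" boot-code bytes and the known-good hash table are constructed stand-ins, not Microsoft's real boot code or MBRCheck's hash list. One caveat worth keeping in mind when reading the log above: "Unknown MBR code" on both disks, including the 37 GB second drive, only says the hash did not match the expected list. A non-Microsoft boot loader or an OEM recovery MBR produces the same verdict, so the hash identifies code you did not expect, not necessarily malicious code.

```python
"""Added example (not from the thread or MBRCheck): parse an MBR sector, hash
its boot code, compare against a known-good list, and rewrite only the code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # assumed: bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Decode the disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        # status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count
        status, ptype, start_lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:              # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start_lba, "sectors": count,
                      "byte_offset": start_lba * SECTOR_SIZE})
    return {"disk_signature": disk_sig, "partitions": parts}


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 of the boot-code region only (the region is an assumption)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_boot_code(sector: bytes, known_good: dict) -> str:
    """Name of a known boot code, or the 'Unknown MBR code' wording MBRCheck prints."""
    return known_good.get(boot_code_sha1(sector), "Unknown MBR code")


def restore_boot_code(sector: bytes, standard_code: bytes) -> bytes:
    """Replace bytes 0..439 only; signature, partition table and 0x55AA are kept."""
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("standard boot code must be 440 bytes")
    fixed = standard_code + sector[BOOT_CODE_LEN:]
    if parse_mbr(fixed) != parse_mbr(sector):
        raise RuntimeError("partition table changed; refusing to write")
    return fixed


def volume_matches_partition(parsed: dict, volume_offset: int) -> bool:
    """True if a volume's byte offset (MBRCheck's 'at offset' value) starts at an entry."""
    return any(p["byte_offset"] == volume_offset for p in parsed["partitions"])


def build_sample_mbr(boot_code: bytes, start_lba: int = 2048) -> bytes:
    """Constructed sector: one bootable NTFS (type 0x07) partition, nothing real."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, start_lba, 1_000_000)
    table = entry + b"\x00" * 48
    return (boot_code + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
            + table + BOOT_SIGNATURE)


# Constructed stand-ins: not Microsoft's boot code and not MBRCheck's hash list.
STANDARD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(BOOT_CODE_LEN, b"\x90")
HOSTILE_CODE = b"\xEB\xFE".ljust(BOOT_CODE_LEN, b"\x00")    # 'jmp $' stub
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(STANDARD_CODE)): "Windows Vista (sample)"}


def check_and_fix(sector: bytes) -> tuple:
    """The 'Y' -> option 2 path: only unknown boot code is rewritten."""
    verdict = classify_boot_code(sector, KNOWN_GOOD)
    if verdict != "Unknown MBR code":
        return verdict, sector
    return verdict, restore_boot_code(sector, STANDARD_CODE)


if __name__ == "__main__":
    infected = build_sample_mbr(HOSTILE_CODE)
    verdict, fixed = check_and_fix(infected)
    print(verdict, boot_code_sha1(infected))
    print(classify_boot_code(fixed, KNOWN_GOOD), parse_mbr(fixed)["partitions"])
```

On a real disk the sector would come from reading 512 bytes at offset 0 of the physical drive with administrator rights, which is why the instructions say to run MBRCheck elevated on Vista. The check in restore_boot_code is the property that makes the fix safe for data: the partition table parsed before and after the write must be identical, otherwise the tool refuses to write. The volume mapping lines in the log (C: at offset 0x00000002`13727800) can be cross-checked the same way: that offset is a whole multiple of 512 and should equal start_lba * 512 of one partition entry; a volume whose offset matches no entry is worth a closer look.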
