
System Progressive Protection malware

Discussion in 'Virus & Other Malware Removal' started by klnaj, Dec 28, 2012.

  1. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    I think my laptop is infected by the System Progressive Protection malware. Whenever I turn on the laptop, Windows hangs at the boot stage without ever reaching the desktop.

    To reach the desktop successfully, I need to boot Windows in Safe Mode and select the "Start Windows Normally" option. Once Windows is at the desktop, a program named "System Progressive Protection" runs a scan automatically and lists several infected files on my laptop. All the programs that I try to execute are prohibited by this malware.

    I would be very grateful for your help in solving this problem. I have run the HijackThis, DDS, and GMER scans. Please see the log files below. Thank you.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:06:49 PM, on 12/28/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\ctfmon.exe
    C:\Users\Windows 7\Desktop\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80FF17E2-C853-4D55-BF44-2D2602592757}: NameServer = 202.188.1.5,202.188.0.133
    O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    --
    End of file - 5398 bytes


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01).
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/5/2011 2:24:52 PM
    System Uptime: 12/28/2012 9:04:53 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 148A
    Processor: Intel(R) Atom(TM) CPU N475 @ 1.83GHz | CPU | 1828/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 98 GiB total, 55.666 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 200.268 GiB free.
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 9
    Angry Birds
    Angry Birds Rio
    Angry Birds Seasons
    CyberLink PowerDVD 9
    D3DX10
    DivX Pro 视频编解码器
    Google Chrome
    HP Quick Launch Buttons
    Intel(R) Graphics Media Accelerator Driver
    Junk Mail filter update
    Mesh Runtime
    Messenger Companion
    Microsoft Application Error Reporting
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    Oceanis Change Background Windows 7
    QLBCASL
    QQ影音2.9
    Realtek Ethernet Controller Driver For Windows 7
    Realtek PCIE Card Reader
    Skype Toolbars
    Skype™ 4.2
    Spybot - Search & Destroy
    Starter Background Changer 1.4
    Storm Codec
    Synaptics Pointing Device Driver
    UltraISO Premium V9.36
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    搜狗拼音输入法 6.2正式版
    酷我音乐盒 2010
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/28/2012 9:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/28/2012 9:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/28/2012 9:05:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/28/2012 9:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/28/2012 9:05:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6
    12/28/2012 9:05:21 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 8:21:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    12/28/2012 8:20:39 PM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
    12/28/2012 8:17:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    12/28/2012 8:17:39 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/28/2012 8:16:14 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The pipe has been ended.
    12/28/2012 8:16:04 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
    12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
    12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
    12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
    12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
    12/28/2012 8:16:02 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    12/27/2012 12:43:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    12/27/2012 12:43:34 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/27/2012 12:40:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2012 12:21:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/27/2012 12:21:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/27/2012 12:21:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/26/2012 9:31:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    12/26/2012 11:51:45 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).
    12/26/2012 11:51:42 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    12/26/2012 11:51:31 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================



    DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
    Internet Explorer: 8.0.7600.16385
    Run by Windows 7 at 21:38:05 on 2012-12-28
    Microsoft Windows 7 Starter 6.1.7600.0.936.86.1033.18.1012.552 [GMT 8:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    .
    ============== Pseudo HJT Report ===============
    .
    uWinlogon: Shell = c:\program files\oceanis\systemsetting\WallPaperAgent.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{80FF17E2-C853-4D55-BF44-2D2602592757} : NameServer = 202.188.1.5,202.188.0.133
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\windows 7\appdata\roaming\mozilla\firefox\profiles\b4c0h0nh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - 85Play_Games Customized Web Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\filmfanaticei\installr\1.bin\NPpaEISb.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-11 530944]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-4-16 267880]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/09/05 17:14:17];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
    S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
    S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-9-5 227896]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-5 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-11 657408]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-9-5 228896]
    S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-12-26 15:44:03 -------- d-----w- c:\programdata\702DDA846C177A390000702D6A5E81B9
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 21:38:20.66 ===============




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-12-28 21:37:20
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST320LT022-1AE142 rev.0001EXM1
    Running: iqe3rbkr.exe; Driver: C:\Users\WINDOW~1\AppData\Local\Temp\fglyikob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81A88579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\WINDOW~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dae1ddc
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x01 0x72 0xD9 0x81 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dae1ddc (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x01 0x72 0xD9 0x81 ...

    ---- EOF - GMER 1.0.15 ----
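    The DDS "Pseudo HJT Report" above carries the indicators a malware analyst reads first: the whole UAC block under mPolicies-System set to 0, the Action Center health icon hidden, a non-Explorer Winlogon shell, and a hosts-file entry that sends a security site to 127.0.0.1. The following script is an added example written for this page; it is not part of the thread and not code from DDS, HijackThis, FRST, or any tool named here. The sample lines are copied from the report above; the check names, the table of weak policy values (which compares against the Windows 7 defaults EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1, HideSCAHealth=0) and the benign control line are assumptions of the example. Every hit is a review item, not a verdict: WallPaperAgent.exe, for instance, belongs to the "Oceanis Change Background Windows 7" program listed under Installed Programs.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines lifted from the DDS report above, plus one
# benign mRun line so the triage has something it must leave alone.
SAMPLE_LINES = [
    "uWinlogon: Shell = c:\\program files\\oceanis\\systemsetting\\WallPaperAgent.exe",
    "mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe",
    "uPolicies-Explorer: HideSCAHealth = dword:1",
    "mPolicies-System: ConsentPromptBehaviorAdmin = dword:0",
    "mPolicies-System: ConsentPromptBehaviorUser = dword:3",
    "mPolicies-System: EnableLUA = dword:0",
    "mPolicies-System: EnableUIADesktopToggle = dword:0",
    "mPolicies-System: PromptOnSecureDesktop = dword:0",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
]


@dataclass(frozen=True)
class Finding:
    check: str   # short check name chosen for this example
    line: str    # the report line that triggered it
    why: str     # what the value means for the machine's defences


# (hive prefix, value name, dword) -> explanation. Only values that differ from
# the Windows 7 defaults in a security-weakening direction are listed.
WEAK_POLICIES = {
    ("mPolicies-System", "EnableLUA", "0"): "UAC is disabled",
    ("mPolicies-System", "ConsentPromptBehaviorAdmin", "0"): "admins elevate without any prompt",
    ("mPolicies-System", "PromptOnSecureDesktop", "0"): "elevation prompts are off the secure desktop",
    ("uPolicies-Explorer", "HideSCAHealth", "1"): "Action Center security health icon is hidden",
}

POLICY_RE = re.compile(r"^(?P<hive>[um]Policies-\w+):\s*(?P<name>\w+)\s*=\s*dword:(?P<value>\w+)$")
SHELL_RE = re.compile(r"^[um]Winlogon:\s*Shell\s*=\s*(?P<shell>.+)$", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)$")


def triage(lines):
    """Return a Finding for every pseudo-HJT line that deserves a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := POLICY_RE.match(line):
            key = (m["hive"], m["name"], m["value"].lower())
            if key in WEAK_POLICIES:
                findings.append(Finding("weak-policy", line, WEAK_POLICIES[key]))
            continue
        if m := SHELL_RE.match(line):
            shell = m["shell"].strip().strip('"').lower()
            # The only shell Windows installs is explorer.exe; anything else
            # is either a customisation or a hijack and must be identified.
            if not shell.endswith("explorer.exe"):
                findings.append(Finding("winlogon-shell", line,
                                        "Winlogon Shell is not explorer.exe; confirm the program is expected"))
            continue
        if m := HOSTS_RE.match(line):
            if m["ip"] in ("127.0.0.1", "0.0.0.0"):
                findings.append(Finding("hosts-override", line,
                                        f"{m['host']} resolves to {m['ip']}; rogue AV commonly blocks security sites this way"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.check}] {f.why}\n    {f.line}")
```

    Run against the sample it reports four weak-policy lines (the two values left at their defaults, ConsentPromptBehaviorUser=3 and EnableUIADesktopToggle=0, are skipped), one Winlogon shell to verify, and one hosts override. The policy table is the place to extend it; the line formats are those of the DDS report, so other HijackThis-style logs need their own regexes.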
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Download Farbar Recovery Scan Tool on a clean PC (if possible) and save it to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

    Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

    Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Kevin....
     
  3. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    Hi Kevin, thanks for your help. Here is the log file.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2012
    Ran by SYSTEM at 29-12-2012 00:33:57
    Running from F:\
    Windows 7 Starter (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-24] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti [97357 2006-11-26] ()
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-04-15] (Synaptics Incorporated)
    HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-02-15] (CyberLink Corp.)
    HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2008-10-13] (CyberLink Corp.)
    HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-02-28] (cyberlink)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
    HKU\Windows 7\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-09] (Oceanis)
    Tcpip\..\Interfaces\{80FF17E2-C853-4D55-BF44-2D2602592757}: [NameServer]202.188.1.5,202.188.0.133

    ==================== Services (Whitelisted) ===================

    3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [x]
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
    3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-19] (Intel Corporation)
    1 ISODrive; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-28] (EZB Systems, Inc.)
    3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
    3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
    2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [87536 2009-02-28] (CyberLink Corp.)
    3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2012-12-28 08:27 - 2012-12-28 08:27 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
    2012-12-28 05:37 - 2012-12-28 05:37 - 00002771 ____A C:\Users\Windows 7\Desktop\Gmer.log
    2012-12-28 05:19 - 2012-12-28 05:38 - 00010856 ____A C:\Users\Windows 7\Desktop\attach.txt
    2012-12-28 05:19 - 2012-12-28 05:38 - 00007331 ____A C:\Users\Windows 7\Desktop\dds.txt
    2012-12-28 05:18 - 2012-12-28 05:16 - 00302592 ____A C:\Users\Windows 7\Desktop\iqe3rbkr.exe
    2012-12-28 05:18 - 2012-12-28 05:15 - 00688992 ____R (Swearware) C:\Users\Windows 7\Desktop\dds.scr
    2012-12-28 05:13 - 2012-12-26 08:08 - 82167616 ____A (Sophos Limited) C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
    2012-12-28 05:13 - 2009-03-03 20:15 - 00402176 ____A (Panda Security) C:\Users\Windows 7\Desktop\USBVaccine.exe
    2012-12-28 05:06 - 2012-12-28 05:06 - 00005399 ____A C:\Users\Windows 7\Desktop\hijackthis.log
    2012-12-28 04:16 - 2012-12-26 07:53 - 00388608 ____A (Trend Micro Inc.) C:\Users\Windows 7\Desktop\HijackThis.exe
    2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\Users\Windows 7\Desktop\System Progressive Protection.lnk
    2012-12-26 07:44 - 2012-12-26 07:45 - 00000000 ____D C:\Users\All Users\702DDA846C177A390000702D6A5E81B9


    ==================== One Month Modified Files and Folders ========

    2012-12-29 00:33 - 2012-12-29 00:33 - 00000000 ____D C:\FRST
    2012-12-28 08:27 - 2012-12-28 08:27 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
    2012-12-28 08:26 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-28 08:26 - 2009-07-13 20:39 - 00127524 ____A C:\Windows\setupact.log
    2012-12-28 05:38 - 2012-12-28 05:19 - 00010856 ____A C:\Users\Windows 7\Desktop\attach.txt
    2012-12-28 05:38 - 2012-12-28 05:19 - 00007331 ____A C:\Users\Windows 7\Desktop\dds.txt
    2012-12-28 05:37 - 2012-12-28 05:37 - 00002771 ____A C:\Users\Windows 7\Desktop\Gmer.log
    2012-12-28 05:16 - 2012-12-28 05:18 - 00302592 ____A C:\Users\Windows 7\Desktop\iqe3rbkr.exe
    2012-12-28 05:15 - 2012-12-28 05:18 - 00688992 ____R (Swearware) C:\Users\Windows 7\Desktop\dds.scr
    2012-12-28 05:14 - 2011-09-04 22:30 - 00714754 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-28 05:06 - 2012-12-28 05:06 - 00005399 ____A C:\Users\Windows 7\Desktop\hijackthis.log
    2012-12-28 05:05 - 2012-01-27 18:33 - 00003582 ____A C:\Windows\PFRO.log
    2012-12-28 04:28 - 2009-07-13 20:34 - 00011056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-28 04:28 - 2009-07-13 20:34 - 00011056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-26 08:08 - 2012-12-28 05:13 - 82167616 ____A (Sophos Limited) C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
    2012-12-26 07:53 - 2012-12-28 04:16 - 00388608 ____A (Trend Micro Inc.) C:\Users\Windows 7\Desktop\HijackThis.exe
    2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\Users\Windows 7\Desktop\System Progressive Protection.lnk
    2012-12-26 07:45 - 2012-12-26 07:44 - 00000000 ____D C:\Users\All Users\702DDA846C177A390000702D6A5E81B9
    2012-12-26 07:42 - 2011-09-05 13:19 - 01540676 ____A C:\Windows\WindowsUpdate.log
    2012-12-26 06:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2012-12-22 10:56 - 2012-01-29 06:19 - 00000030 ____A C:\Windows\QQPlayer.INI
    2012-12-22 09:39 - 2012-01-29 06:19 - 00000000 ____D C:\Program Files\QQPlayer

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 35%
    Total physical RAM: 1011.9 MB
    Available physical RAM: 654.1 MB
    Total Pagefile: 1011.9 MB
    Available Pagefile: 649.32 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1962.3 MB

    ==================== Partitions =============================

    1 Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:55.63 GB) NTFS
    2 Drive e: (My Data) (Fixed) (Total:200.43 GB) (Free:200.27 GB) NTFS
    3 Drive f: () (Removable) (Total:1.92 GB) (Free:1.84 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1967 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 97 GB 101 MB
    Partition 3 Primary 200 GB 97 GB

    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Windows 7 NTFS Partition 97 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E My Data NTFS Partition 200 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1967 MB 31 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 1967 MB Healthy

    =========================================================

    Last Boot: 2012-12-28 04:50

    ==================== End Of Log ============================
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

    Code:
    start
    2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\Users\Windows 7\Desktop\System Progressive Protection.lnk
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 or FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next,

    Run the following:

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Kevin
     
  5. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    Kevin, here are my second set of scan log files. Thank you.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2012
    Ran by SYSTEM at 2012-12-29 08:04:18 Run:1
    Running from F:\

    ==============================================

    C:\Users\Windows 7\Desktop\System Progressive Protection.lnk moved successfully.

    ==== End of Fixlog ====


    OTL logfile created on: 12/29/2012 8:11:18 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows 7\Desktop
    Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1011.90 Mb Total Physical Memory | 534.61 Mb Available Physical Memory | 52.83% Memory free
    1.99 Gb Paging File | 1.49 Gb Available in Paging File | 75.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 55.63 Gb Free Space | 57.02% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 200.27 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
    Drive E: | 1.92 Gb Total Space | 1.84 Gb Free Space | 95.84% Space Free | Partition Type: FAT

    Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/29 07:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.com
    PRC - [2012/05/16 19:26:10 | 002,916,248 | ---- | M] (Sogou.com Inc.) -- C:\Program Files\SogouInput\6.2.0.7270\SGTool.exe
    PRC - [2012/05/16 19:25:40 | 001,660,824 | ---- | M] (Sogou.com Inc.) -- C:\Program Files\SogouInput\6.2.0.7270\ImeUtil.exe
    PRC - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/01 02:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
    PRC - [2009/02/16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
    DRV - [2011/07/20 01:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV - [2011/07/19 22:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
    DRV - [2010/04/21 02:04:24 | 000,228,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV - [2010/02/25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2009/12/02 22:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
    DRV - [2009/12/02 22:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
    DRV - [2009/12/02 22:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
    DRV - [2009/12/02 22:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 06:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2009/02/28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/09/05 17:14:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp&tc=12
    IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 4B 47 FD BF DA CD 01 [binary data]
    IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "85Play_Games Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "85Play_Games Customized Web Search"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin: C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll (FilmFanatic)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/05 17:15:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2011/09/05 17:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Extensions
    [2012/04/16 23:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\b4c0h0nh.default\extensions
    [2012/03/25 09:55:17 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\b4c0h0nh.default\extensions\[email protected]
    [2012/02/09 12:16:36 | 000,000,927 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\b4c0h0nh.default\searchplugins\conduit.xml
    [2011/09/05 18:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/09/05 18:55:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/09/05 17:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2011/06/09 11:05:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows 7\AppData\Local\Google\Chrome\Application\8.0.552.5\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Windows 7\AppData\Local\Google\Chrome\Application\8.0.552.5\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows 7\AppData\Local\Google\Chrome\Application\8.0.552.5\gcswf32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2012/04/16 20:59:32 | 000,442,669 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15208 more lines...
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80FF17E2-C853-4D55-BF44-2D2602592757}: NameServer = 202.188.1.5,202.188.0.133
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2304356864-341380151-145200225-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/12/26 23:58:18 | 000,000,016 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
    O33 - MountPoints2\{11db7be7-d7af-11e0-9089-74f06dae1ddc}\Shell\AutoRun\command - "" = E:\RNDISInst.exe
    O33 - MountPoints2\{11db7be7-d7af-11e0-9089-74f06dae1ddc}\Shell\RNDIS\command - "" = E:\RNDISInst.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/29 16:33:50 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/12/29 08:09:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.com
    [2012/12/29 08:08:50 | 000,000,000 | R--D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
    [2012/12/28 21:18:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Windows 7\Desktop\dds.scr
    [2012/12/28 21:13:53 | 082,167,616 | ---- | C] (Sophos Limited) -- C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
    [2012/12/28 21:13:53 | 000,402,176 | ---- | C] (Panda Security) -- C:\Users\Windows 7\Desktop\USBVaccine.exe
    [2012/12/28 20:16:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Windows 7\Desktop\HijackThis.exe
    [2012/12/26 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
    [2012/12/26 23:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\702DDA846C177A390000702D6A5E81B9
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/29 08:13:13 | 000,607,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/29 08:13:13 | 000,103,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/29 08:08:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/29 08:08:21 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/29 07:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.com
    [2012/12/29 00:49:04 | 000,011,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/29 00:49:04 | 000,011,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/29 00:27:37 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
    [2012/12/28 21:16:36 | 000,302,592 | ---- | M] () -- C:\Users\Windows 7\Desktop\iqe3rbkr.exe
    [2012/12/28 21:15:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Windows 7\Desktop\dds.scr
    [2012/12/27 00:08:40 | 082,167,616 | ---- | M] (Sophos Limited) -- C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
    [2012/12/26 23:53:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Windows 7\Desktop\HijackThis.exe
    [2012/12/26 23:39:52 | 000,169,917 | ---- | M] () -- C:\Users\Windows 7\Desktop\wireless.jpg
    [2012/12/23 02:56:50 | 000,000,030 | ---- | M] () -- C:\Windows\QQPlayer.INI
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/29 00:27:37 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
    [2012/12/28 21:18:10 | 000,302,592 | ---- | C] () -- C:\Users\Windows 7\Desktop\iqe3rbkr.exe
    [2012/12/26 23:39:52 | 000,169,917 | ---- | C] () -- C:\Users\Windows 7\Desktop\wireless.jpg
    [2012/04/16 22:42:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012/01/29 22:19:53 | 000,000,030 | ---- | C] () -- C:\Windows\QQPlayer.INI
    [2011/09/08 22:33:13 | 000,000,025 | ---- | C] () -- C:\Windows\System32\mylk.dat
    [2011/09/05 19:09:37 | 000,065,536 | ---- | C] () -- C:\Windows\wall.exe
    [2011/09/05 17:15:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/09/05 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Lingoes
    [2011/11/21 21:11:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Rovio
    [2012/04/15 07:43:02 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\SoftGrid Client
    [2012/06/24 13:32:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\SogouExplorer
    [2012/01/29 22:20:38 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Tencent
    [2011/09/05 17:20:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\TP
    [2011/11/21 19:00:17 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >


    OTL Extras logfile created on: 12/29/2012 8:11:18 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows 7\Desktop
    Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1011.90 Mb Total Physical Memory | 534.61 Mb Available Physical Memory | 52.83% Memory free
    1.99 Gb Paging File | 1.49 Gb Available in Paging File | 75.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 55.63 Gb Free Space | 57.02% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 200.27 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
    Drive E: | 1.92 Gb Total Space | 1.84 Gb Free Space | 95.84% Space Free | Partition Type: FAT

    Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "AntiVirusDisableNotify" = 1
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 1
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Meitu\KanKan\KanKan\KanKan.exe" = C:\Program Files\Meitu\KanKan\KanKan\KanKan.exe:*:Enabled:KanKan


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03F0EE5C-C238-459A-B0B0-EB9368B95E22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1B8C421C-20E1-4C66-8E18-ACB7890EEA35}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{229CCC47-A243-492A-A0FE-DEBC88B8A16B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2A2DE164-BD62-4DD4-A467-BC9F76CA2D14}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{3E5D4757-54C7-4D3C-B484-AD8711255CDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3EBBDD40-F681-45C9-B8FB-6CD9AF49309A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4736CCAB-BC24-4060-B418-2CEE71FA6C8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{47796FF3-D6D6-4E0C-B440-B6E20ACF7116}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5F480092-103F-46F1-9CE5-74C4DD888D1C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7F53C746-B3D0-45B2-A0C5-3962C0F83E76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{82085E21-7074-46F2-999F-C21410990BCD}" = lport=138 | protocol=17 | dir=in | app=system |
    "{83BA133A-F89B-4A76-A004-3C109EDEC109}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9023D4D6-2EB6-461A-AA70-1BB3E6FD4FF2}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A3764DB2-24F9-4601-8792-AF110387D43E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B2A82682-DB7D-438F-AB2A-AF0422A19B0B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B389C485-DFD0-4204-B97E-A66D1FAFC0B4}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BC1280E2-1FCF-4AA5-92B7-2D12289F48A3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BFEDB261-A586-46D6-8AF9-FF310501A7ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C0D77B19-B80E-4703-87FD-AD1F2757669A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
    "{C5E4726D-F65B-4325-B7AC-132159C7CA71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E6AD2759-FA41-4CD3-B6DC-07031C24ED43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EBFDF6D7-C59A-4EF5-9686-EDD04180EEA3}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09853D0D-3BF3-4CA7-931E-5C70D771521B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
    "{14005486-F396-473B-B251-EA117A420393}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.2.0.7270\pinyinup.exe |
    "{1FE8026A-FB91-494F-B6B3-DE297F5045DA}" = protocol=6 | dir=in | app=c:\users\windows 7\appdata\local\temp\sogoupinyin.exe |
    "{2020FDE0-6C4C-46A5-B831-F872682D9DB5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{219683E6-4AA3-4C52-BB57-0DC5974605A0}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
    "{26F2121A-ED21-4EA3-A4B0-C9AC32BD0747}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{317F301E-A9CE-49BD-8B2B-F8937E161FE8}" = protocol=17 | dir=in | app=c:\program files\kwmusic\kwmusic.exe |
    "{3EA8BA7C-4BD9-49BF-ADE4-4B4DB6AAE988}" = protocol=17 | dir=in | app=c:\program files\qqplayer\qpup.exe |
    "{4ABEDDE6-560F-4DD5-81BE-3183D08EF650}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
    "{4C02EA6D-EAE0-4A74-A92C-B4EBB5E00678}" = protocol=17 | dir=in | app=c:\program files\qqplayer\qqdeskupdate.exe |
    "{50A0F7DF-C050-40E6-8068-037F21774CAE}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
    "{59E403BD-BECE-4338-99E9-6F74719AF3A3}" = protocol=17 | dir=in | app=c:\program files\kwmusic\kwmv.exe |
    "{5E3D9328-0EB2-408D-9938-AC5B88847CE7}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
    "{62B90B5B-3C0D-42FD-B533-5FD34B157860}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
    "{643DA860-DACD-4CFC-A958-6626907CD1B8}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
    "{6C08572B-31E0-437E-BB60-C2ED09F621D3}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
    "{80215814-B0A6-4291-9304-52628EAEBF4B}" = protocol=6 | dir=in | app=c:\program files\qqplayer\qpup.exe |
    "{846F622E-EF48-468F-87D9-5CC082E03AA6}" = protocol=6 | dir=in | app=c:\program files\qqplayer\qqdeskupdate.exe |
    "{84BFC822-1F99-4949-A013-01ECDB142C88}" = protocol=17 | dir=in | app=c:\program files\qqplayer\qqplayer.exe |
    "{87B69586-BA4B-4F8F-B891-D62EA5516678}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{8A120E08-ED9A-4012-9662-F01A9CA0FCBD}" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |
    "{8BAF20B7-58A0-4F04-B088-EAF3EC8A119D}" = protocol=6 | dir=in | app=c:\program files\qqplayer\qqplayer.exe |
    "{95F56041-A782-4322-B2B7-85196D0FBD53}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
    "{97CF32F6-A833-4EA0-A929-D3075F2A0D23}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
    "{A7529023-C1BE-4318-BC60-24C8F1928D7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B50900E1-30D2-40C9-A550-DF16B0362D36}" = protocol=17 | dir=in | app=c:\users\windows 7\appdata\local\temp\sogoupinyin.exe |
    "{B8CA72DB-F98B-40A4-B619-06EB5E49D512}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\sefastinstall.exe |
    "{BEBB28A4-3558-479D-B3CD-D7F29690481C}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\sefastinstall.exe |
    "{BFE55088-9CC8-424E-BB6A-062AEE2E44C2}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.2.0.7270\pinyinup.exe |
    "{C3CB72B3-5264-4077-AEBD-6B69F24C77BA}" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |
    "{DC961EC0-1134-434D-95E3-75CCA6F058D6}" = protocol=6 | dir=in | app=c:\program files\kwmusic\kwmv.exe |
    "{ED987588-85CE-48A1-957F-726B917F60F2}" = protocol=6 | dir=in | app=c:\program files\kwmusic\kwmusic.exe |
    "{FE8031EF-7A7F-4E13-B713-55E0253D431F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "TCP Query User{15B7AE90-B062-43D7-A99E-EF6F66E971DA}C:\program files\common files\tencent\qqdownload\104\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |
    "UDP Query User{B10E2CF5-E465-45D5-AAFF-E72C39DFB44F}C:\program files\common files\tencent\qqdownload\104\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{952CE8E1-7452-45DB-BCA0-439AAE2A94EF}_is1" = Starter Background Changer 1.4
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCD3F3D0-C85A-4BB7-ADDA-CA68019631D5}" = Angry Birds Seasons
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX6cn" = DivX Pro 视频编解码器
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "KwMusic" = 酷我音乐盒 2010
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "Sogou Input" = 搜狗拼音输入法 6.2正式版
    "Storm Codec 5" = Storm Codec
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "UltraISO_is1" = UltraISO Premium V9.36
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "QQPlayer" = QQ影音2.9

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/22/2012 1:44:22 PM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/24/2012 11:11:50 PM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/26/2012 10:01:37 AM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/26/2012 11:51:36 AM | Computer Name = Windows7-PC | Source = SignInAssistant | ID = 0
    Description =

    Error - 12/26/2012 11:51:50 AM | Computer Name = Windows7-PC | Source = SignInAssistant | ID = 0
    Description =

    Error - 12/28/2012 8:31:03 AM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/28/2012 8:50:28 AM | Computer Name = Windows7-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 12/28/2012 8:51:16 AM | Computer Name = Windows7-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 12/28/2012 9:26:06 AM | Computer Name = Windows7-PC | Source = PerfNet | ID = 2004
    Description =

    Error - 12/28/2012 12:52:02 PM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    [ System Events ]
    Error - 12/28/2012 9:05:21 AM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom discache spldr Wanarpv6

    Error - 12/28/2012 9:05:29 AM | Computer Name = Windows7-PC | Source = DCOM | ID = 10005
    Description =

    Error - 12/28/2012 9:05:32 AM | Computer Name = Windows7-PC | Source = DCOM | ID = 10005
    Description =

    Error - 12/28/2012 9:05:32 AM | Computer Name = Windows7-PC | Source = DCOM | ID = 10005
    Description =

    Error - 12/28/2012 12:26:45 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7000
    Description = The ESET Service service failed to start due to the following error:
    %%2

    Error - 12/28/2012 12:41:29 PM | Computer Name = Windows7-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:26:39 AM on 12/29/2012 was unexpected.

    Error - 12/28/2012 12:41:34 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7000
    Description = The ESET Service service failed to start due to the following error:
    %%2

    Error - 12/28/2012 12:42:01 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 12/28/2012 8:08:35 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7000
    Description = The ESET Service service failed to start due to the following error:
    %%2

    Error - 12/28/2012 8:08:59 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom


    < End of report >
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Run the following:

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - Vista and Windows 7: right-click on the IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real-time scanner of any existing antivirus program while performing the online scan
    • Click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • Wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Post that log, and also give an update on remaining issues or concerns.

    Kevin...
     
  7. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    Thanks, Kevin, for your help. After doing the scanning and cleaning, my laptop is now running OK. But I still see the malware, "system progressive protection", under the program menu. So, can I just delete this malware from the program menu? I guess this malware has been totally removed, right?

    The second issue is the wireless internet connection. My laptop has no internet connection when I select the wireless connection, but it is OK when I have the cable plugged in. I am not sure whether this issue relates to the malware; anyway, I will write a new thread in the Internet & Networking section and hope someone can assist me to solve this problem.

    Lastly, is there any anti-malware program you can recommend, or any necessary steps I should take to avoid this kind of attack?

    Thank you.

    Here is the log file.

    C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll Win32/Toolbar.MyWebSearch.Q application
    C:\ProgramData\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe Win32/Adware.SystemSecurity.AL application
    C:\Users\All Users\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe Win32/Adware.SystemSecurity.AL application
    C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll a variant of Win32/Injector.AAOH trojan
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    OK, we can take this further to remove unwanted files, and also look at the wireless connection. Continue as follows:

    Download OTM from either of the following links and save to your Desktop:

    http://oldtimer.geekstogo.com/OTM.exe
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe

    Double-click OTM.exe to start the tool. Vista or Windows 7 users: accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion.

    • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
      C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
      C:\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll
      C:\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll
      C:\ProgramData\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe
      C:\Users\All Users\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe
      C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll
      :Commands
      [EmptyTemp]
      [CreateRestorPoint]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Download Farbar Service Scanner and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Kevin...
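    The Farbar Service Scanner step above reports protective services (wscsvc, wuauserv, WinDefend) whose start type has been changed from the default, and the earlier OTL Extras log shows Security Center notification flags set to 1 under HKLM\SOFTWARE\Microsoft\Security Center. As an added example, not part of Kevin's instructions or of either tool, here is a read-only PowerShell check for those same artifacts with an optional repair function; it assumes an elevated prompt, and the firewall service names MpsSvc and BFE are assumed Windows 7 defaults that do not appear in the logs.

```powershell
# Added example, not code from the thread or from OTL/FSS. Checks the same
# artifacts those logs surface on this machine: protective services set to
# Disabled and Security Center warnings suppressed. Run from an elevated
# PowerShell prompt. Get-WmiObject is used so it also works on Windows 7.

# Services named in the FSS log, with the default start type FSS states (Auto).
# MpsSvc and BFE (Windows Firewall) are assumed defaults, not taken from the log.
$ProtectiveServices = @{
    'wscsvc'    = 'Auto'   # Security Center / Action Center
    'wuauserv'  = 'Auto'   # Windows Update
    'WinDefend' = 'Auto'   # Windows Defender
    'MpsSvc'    = 'Auto'   # Windows Firewall (assumed default)
    'BFE'       = 'Auto'   # Base Filtering Engine (assumed default)
}

# Values under this key that the OTL Extras log showed set to 1. A value of 1
# tells Security Center to stop warning about that component.
$SecurityCenterKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$SuppressFlags = 'AntiVirusDisableNotify', 'AntiVirusOverride',
                 'FirewallDisableNotify', 'FirewallOverride', 'UpdatesDisableNotify'

function Test-ProtectiveServices {
    # Returns one line per service whose start mode differs from the expected
    # default or which is not running; an empty result means all is well.
    param([hashtable]$Expected = $ProtectiveServices)
    $findings = @()
    foreach ($name in $Expected.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            $findings += "$name : service not present"
            continue
        }
        if ($svc.StartMode -ne $Expected[$name] -or $svc.State -ne 'Running') {
            $findings += ('{0} : StartMode={1} (default {2}), State={3}' -f
                          $name, $svc.StartMode, $Expected[$name], $svc.State)
        }
    }
    return $findings
}

function Test-SecurityCenterFlags {
    # Returns the names of the suppression flags currently set to 1.
    param([string]$Key = $SecurityCenterKey, [string[]]$Flags = $SuppressFlags)
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    $set = @()
    foreach ($flag in $Flags) {
        if ($props -and $props.$flag -eq 1) { $set += $flag }
    }
    return $set
}

function Repair-ProtectiveServices {
    # Puts each service back to its default start type, starts it, and clears
    # the suppression flags. Only worth running after the rogue's files have
    # been removed (the OTM step above); an active rogue would just reapply them.
    foreach ($name in $ProtectiveServices.Keys) {
        Set-Service -Name $name -StartupType Automatic -ErrorAction SilentlyContinue
        Start-Service -Name $name -ErrorAction SilentlyContinue
    }
    foreach ($flag in @(Test-SecurityCenterFlags)) {
        Set-ItemProperty -Path $SecurityCenterKey -Name $flag -Value 0
    }
}

# Report what was found; nothing is changed unless Repair-ProtectiveServices is called.
$serviceFindings = @(Test-ProtectiveServices)
$flagFindings    = @(Test-SecurityCenterFlags)
if ($serviceFindings.Count -eq 0 -and $flagFindings.Count -eq 0) {
    Write-Output 'No tampered protective services or Security Center flags found.'
} else {
    $serviceFindings | ForEach-Object { Write-Output "Service: $_" }
    $flagFindings    | ForEach-Object { Write-Output "Security Center flag set: $_" }
    Write-Output 'Review the items above; run Repair-ProtectiveServices to reset them.'
}
```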
     
  9. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    Alright, here are the log files.

    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Windows 7\Desktop\cmd.bat deleted successfully.
    C:\Users\Windows 7\Desktop\cmd.txt deleted successfully.
    C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection folder moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
    C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll moved successfully.
    C:\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll moved successfully.
    C:\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll moved successfully.
    File/Folder C:\ProgramData\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5 E81B9.exe not found.
    C:\Users\All Users\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe moved successfully.
    DllUnregisterServer procedure not found in C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll
    C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Windows 7
    ->Temp folder emptied: 63014244 bytes
    ->Temporary Internet Files folder emptied: 35281391 bytes
    ->FireFox cache emptied: 66528538 bytes
    ->Google Chrome cache emptied: 353469906 bytes
    ->Flash cache emptied: 10242 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1550344 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 9775 bytes

    Total Files Cleaned = 496.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 12312012_181114

    Files moved on Reboot...

    Registry entries deleted on Reboot...


    Farbar Service Scanner Version: 23-12-2012
    Ran by Windows 7 (administrator) on 31-12-2012 at 18:20:14
    Running from "C:\Users\Windows 7\Desktop"
    Windows 7 Starter (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is set to Disabled. The default start type is Auto.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll
    [2009-07-14 07:53] - [2009-07-14 09:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-14 07:54] - [2009-07-14 09:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-14 07:23] - [2009-07-14 09:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-14 07:24] - [2009-07-14 09:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll
    [2009-07-14 08:15] - [2009-07-14 09:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

    C:\Windows\system32\qmgr.dll
    [2009-07-14 07:30] - [2009-07-14 09:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Select Start > in the search box type services.msc and tap Enter; that will open Services. Scroll to and select each of the following and set the "Startup Type" to Automatic:

    Security Center
    Windows update
    WLAN AutoConfig


    Reboot; those services should now run OK. Reset your router. Does your wireless connection connect?

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double-click SecurityCheck.exe (Vista or Windows 7 users: right-click and select "Run as Administrator") and follow the on-screen instructions inside the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Kevin
     
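    The re-enable step above, as an added PowerShell example (not code from the thread, from OTM or from Farbar Service Scanner). It re-checks the services the FSS log earlier in the thread reports as Disabled (wscsvc, wuauserv, WinDefend) plus WLAN AutoConfig (WlanSvc), which kevinf80 asks to set back to Automatic, and repairs any that still differ. Service names and default start types are the Windows 7 defaults; the helper names are this example's own. Run from an elevated PowerShell prompt; it is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread, OTM or Farbar Service Scanner.
# Re-checks and repairs the start type of services a rogue AV typically
# disables. Names/start types are Windows 7 defaults; run elevated.

$expected = @{
    'wscsvc'    = 'Automatic'   # Security Center / Action Center (FSS: Disabled)
    'wuauserv'  = 'Automatic'   # Windows Update                  (FSS: Disabled)
    'WinDefend' = 'Automatic'   # Windows Defender                (FSS: Disabled)
    'WlanSvc'   = 'Automatic'   # WLAN AutoConfig, from kevinf80's list
}

function Get-ServiceDllPath {
    # DLL that svchost loads for a shared service; the same value FSS reports as "ServiceDll ... is OK"
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
}

function Test-ServiceStartType {
    param([hashtable]$Expected)
    foreach ($name in $Expected.Keys) {
        # Win32_Service works on PowerShell 2.0, where Get-Service has no StartType property
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) { Write-Warning "$name : service not found"; continue }
        # StartMode is 'Auto', 'Manual' or 'Disabled'; normalise to the names Set-Service uses
        $mode = if ($svc.StartMode -eq 'Auto') { 'Automatic' } else { $svc.StartMode }
        New-Object PSObject -Property @{
            Name       = $name
            StartMode  = $mode
            Expected   = $Expected[$name]
            State      = $svc.State
            ImagePath  = $svc.PathName
            ServiceDll = Get-ServiceDllPath $name
            Ok         = ($mode -eq $Expected[$name])
        }
    }
}

function Repair-ServiceStartType {
    param([hashtable]$Expected)
    $bad = @(Test-ServiceStartType $Expected | Where-Object { -not $_.Ok })
    foreach ($row in $bad) {
        Write-Host ("{0}: {1} -> {2}  (ImagePath={3}; ServiceDll={4})" -f `
            $row.Name, $row.StartMode, $row.Expected, $row.ImagePath, $row.ServiceDll)
        Set-Service -Name $row.Name -StartupType $row.Expected
        Start-Service -Name $row.Name -ErrorAction SilentlyContinue
    }
    if ($bad.Count -eq 0) { Write-Host 'All listed services already have their default start type.' }
}

# Show the table first so ImagePath/ServiceDll can be eyeballed against the
# known-good paths (e.g. C:\Windows\system32\wscsvc.dll) before re-enabling anything
Test-ServiceStartType $expected | Format-Table Name, StartMode, Expected, State, ServiceDll -AutoSize
Repair-ServiceStartType $expected
Test-ServiceStartType $expected | Format-Table Name, StartMode, State -AutoSize
```

    The point of printing ImagePath and ServiceDll before flipping the start type is the same check FSS performs: a service that has been disabled by malware is only safe to re-enable once its binary still points at the genuine Windows file, which the FSS log above confirms for all three services.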
  11. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    First of all, I would like to wish you a Happy, Healthy and Prosperous New Year in 2013, and of course to thank you for being so helpful in assisting me.

    OK, I have done what you told me and changed the services to automatic mode. But I'm still not able to connect to the wireless after the reboot. I presume Windows 7 Starter should have this function where it auto-detects the wireless signal and allows us to select which network to connect to. However, my laptop can't do so, even when I tried it at my workplace or at a restaurant that has a Wi-Fi connection.

    Under the Manage Wireless Networks window, nothing is listed. I have tried to manually add the network profile to my laptop and it still doesn't help. Do you think I should uninstall the wireless adapter driver and reinstall it?

    For the scanning result, please see the log file below. Thanks.

    Results of screen317's Security Check version 0.99.56
    Windows 7 x86 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Adobe Flash Player 9 Flash Player out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.181.34 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 5.0 Firefox out of Date!
    Google Chrome 8.0.552.5
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
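    The Security Check log above flags UAC disabled, a missing service pack and stale Flash, Reader, Firefox and Chrome. As an added example (not code from the thread or from screen317's Security Check), the following PowerShell re-checks those same items by reading the standard Windows locations for them: the EnableLUA policy value, Win32_OperatingSystem, and the Uninstall registry keys. The $minimum table is an assumption: placeholder version floors chosen for illustration, not vendor-published "current" versions; substitute whatever release you consider current. The function names are this example's own. Windows 7 / PowerShell 2.0 compatible.

```powershell
# Added example, not from the thread or from Security Check.
# Re-checks UAC, service pack level and a few browser/plugin versions.
# $minimum holds ASSUMED placeholder floors, not vendor "latest" numbers.

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -eq 1) { 'enabled' } else { 'DISABLED' }   # Security Check prints "UAC is disabled!"
}

function Get-ServicePackLevel {
    $os = Get-WmiObject Win32_OperatingSystem
    New-Object PSObject -Property @{
        Caption     = $os.Caption.Trim()
        Build       = $os.Version                  # 6.1.7600 is Windows 7 with no service pack
        ServicePack = $os.ServicePackMajorVersion  # 0 is what "Out of date service pack!!" means
    }
}

function Get-InstalledSoftware {
    # Walk the Uninstall keys (machine, 32-bit-on-64-bit, per-user) for DisplayName/DisplayVersion
    param([string[]]$NamePatterns)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($item in (Get-ChildItem $root)) {
            $p = Get-ItemProperty $item.PSPath
            if (-not $p.DisplayName) { continue }
            foreach ($pat in $NamePatterns) {
                if ($p.DisplayName -like $pat) {
                    New-Object PSObject -Property @{ Name = $p.DisplayName; Version = [string]$p.DisplayVersion }
                    break
                }
            }
        }
    }
}

function Test-SoftwareVersion {
    # Flag anything below the assumed floor; a version that does not parse (e.g. "9") is reported as Unknown
    param([object[]]$Installed, [hashtable]$Minimum)
    foreach ($sw in $Installed) {
        $floor = $null
        foreach ($pat in $Minimum.Keys) { if ($sw.Name -like $pat) { $floor = $Minimum[$pat]; break } }
        if (-not $floor) { continue }
        $status = 'Unknown'
        try {
            $status = if ([version]$sw.Version -lt [version]$floor) { 'OUT OF DATE' } else { 'ok' }
        } catch { }
        New-Object PSObject -Property @{ Name = $sw.Name; Version = $sw.Version; Floor = $floor; Status = $status }
    }
}

# ASSUMED floors for illustration only; the log above shows Flash 9/10, Reader 9, Firefox 5.0, Chrome 8
$minimum = @{
    'Adobe Flash Player*' = '11.5.0.0'
    'Adobe Reader*'       = '11.0.0'
    'Mozilla Firefox*'    = '17.0'
    'Google Chrome*'      = '23.0.0.0'
}

"UAC: $(Get-UacState)"
Get-ServicePackLevel | Format-List Caption, Build, ServicePack
$inventory = Get-InstalledSoftware $minimum.Keys
Test-SoftwareVersion $inventory $minimum | Format-Table Name, Version, Floor, Status -AutoSize
```

    Several Flash Player entries side by side, as in the log, is normal: the ActiveX (Internet Explorer) and NPAPI (Firefox) plugins register separately, so each has to be updated or removed on its own.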
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
  13. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    I went to the link that you gave; may I know which file I should download, since there are quite a few for me to choose from? Thanks.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
  15. klnaj

    klnaj Thread Starter

    Joined:
    Dec 19, 2004
    Messages:
    295
    Finally I have the SP installed and ran the troubleshooter on the problem. The problem is that the wireless capability is turned off. But my laptop has no button or switch for wireless; it turns on automatically every time I start my laptop. Here is the troubleshooting report. Thanks.

    Windows Network Diagnostics Publisher details

    Issues found
    Wireless capability is turned off    Not fixed
    Turn on wireless capability Completed

    A network cable is not properly plugged in or may be broken    Detected
    Plug an Ethernet cable into this computer Not run


    Issues found Detection details

    Wireless capability is turned off    Not fixed

    Turn on wireless capability Completed

    Use the switch on the front or side of the computer, or function keys if available, to enable wireless capability on this computer.
    Network Diagnostics Log
    File Name: ADE1EA82-2ECB-4F65-AFF2-679DBCF00FFE.Repair.Admin.1.etl



    A network cable is not properly plugged in or may be broken Detected


    Plug an Ethernet cable into this computer Not run

    An Ethernet cable looks like a telephone cable but with larger connectors on the ends. Plug this cable into the opening on the back or side of the computer. Make sure the other end of the cable is plugged into the router. If that does not help, try using a different cable.


    Detection details

    Diagnostics Information (Network Adapter)
    Details about network adapter diagnosis:

    Network adapter Wireless Network Connection 3 driver information:

    Description . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Manufacturer . . . . . . . . . : Microsoft
    Provider . . . . . . . . . . . : Microsoft
    Version . . . . . . . . . . . : 6.1.7600.16385
    Inf File Name . . . . . . . . . : c:\windows\inf\netvwifimp.inf
    Inf File Date . . . . . . . . . : Monday, July 13, 2009 8:53:32 PM
    Section Name . . . . . . . . . : vwifimp.ndi
    Hardware ID . . . . . . . . . . : {5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp
    Instance Status Flags . . . . . : 0x180200a
    Device Manager Status Code . . : 0
    IfType . . . . . . . . . . . . : 71
    Physical Media Type . . . . . . : 9



    Diagnostics Information (Network Adapter)
    Details about network adapter diagnosis:

    Network adapter Local Area Connection driver information:

    Description . . . . . . . . . . : Realtek PCIe FE Family Controller
    Manufacturer . . . . . . . . . : Realtek
    Provider . . . . . . . . . . . : Realtek
    Version . . . . . . . . . . . : 7.21.531.2010
    Inf File Name . . . . . . . . . : C:\Windows\INF\oem1.inf
    Inf File Date . . . . . . . . . : Monday, May 31, 2010 3:43:00 AM
    Section Name . . . . . . . . . : RTL8102.ndi
    Hardware ID . . . . . . . . . . : pci\ven_10ec&dev_8136&rev_04
    Instance Status Flags . . . . . : 0x180200a
    Device Manager Status Code . . : 0
    IfType . . . . . . . . . . . . : 6
    Physical Media Type . . . . . . : 14



    Diagnostics Information (Network Adapter)
    Details about network adapter diagnosis:

    Network adapter Wireless Network Connection driver information:

    Description . . . . . . . . . . : 802.11n Wireless LAN Card
    Manufacturer . . . . . . . . . : Ralink Technology, Corp.
    Provider . . . . . . . . . . . : Microsoft
    Version . . . . . . . . . . . : 3.0.0.41
    Inf File Name . . . . . . . . . : C:\Windows\INF\netr28.inf
    Inf File Date . . . . . . . . . : Monday, July 13, 2009 8:46:36 PM
    Section Name . . . . . . . . . : OS61_RT3900E.ndi
    Hardware ID . . . . . . . . . . : pci\ven_1814&dev_3090
    Instance Status Flags . . . . . : 0x180200a
    Device Manager Status Code . . : 0
    IfType . . . . . . . . . . . . : 71
    Physical Media Type . . . . . . : 9



    Diagnostics Information (Wireless Connectivity)
    Details about wireless connectivity diagnosis:

    For complete information about this session see the wireless connectivity information event.

    Helper Class: Auto Configuration
    Initialize status: Success

    Information for connection being diagnosed

    Result of diagnosis: No problem found






    Diagnostics Information (Wireless Connectivity)
    Details about wireless connectivity diagnosis:

    Information for connection being diagnosed
    Interface GUID: 643bf050-7912-46cb-bd1f-68284f5a2efd
    Interface name: 802.11n Wireless LAN Card
    Interface type: Native WiFi

    Connection incident diagnosed


    List of visible access point(s): 0 item(s) total, 0 item(s) displayed

    Connection History

    Information for Auto Configuration ID 1

    List of visible networks: 0 item(s) total, 0 item(s) displayed

    List of preferred networks: 0 item(s)




    Diagnostics Information (Wireless Connectivity)
    Details about wireless connectivity diagnosis:

    For complete information about this session see the wireless connectivity information event.

    Helper Class: Auto Configuration
    Initialize status: Success

    Information for connection being diagnosed
    Interface GUID: 643bf050-7912-46cb-bd1f-68284f5a2efd
    Interface name: 802.11n Wireless LAN Card
    Interface type: Native WiFi

    Result of diagnosis: Problem found

    Root cause:
    Wireless capability is turned off

    Detailed root cause:
    Radio is off (HW switch)

    Repair option:
    Turn on wireless capability
    Use the switch on the front or side of the computer, or function keys if available, to enable wireless capability on this computer.




    Network Diagnostics Log
    File Name: ADE1EA82-2ECB-4F65-AFF2-679DBCF00FFE.Diagnose.Admin.0.etl

    Other Networking Configuration and Logs
    File Name: NetworkConfiguration.cab

    Collection information
    Computer Name: WINDOWS7-PC
    Windows Version: 6.1
    Architecture: x86
    Time: Wednesday, January 02, 2013 7:35:46 AM

    Publisher details

    Windows Network Diagnostics
    Detects problems with network connectivity.
    Package Version: 1.0
    Publisher: Microsoft Windows
     
Short URL to this thread: https://techguy.org/1082706