System Progressive Protection malware


klnaj

Thread Starter
I think my laptop is infected by the System Progressive Protection malware. Whenever I turn on the laptop, Windows hangs at the boot stage without reaching the desktop.

To reach the desktop successfully, I need to boot Windows in Safe Mode and select the "Start Windows Normally" option. Once Windows is at the desktop, a program named "System Progressive Protection" runs a scan automatically and lists several infected files on my laptop. All the programs that I try to execute are prohibited by this malware.

I am very grateful for your help in solving this problem. I have run the HijackThis, DDS, and GMER scans. Please see the log files below. Thank you.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:49 PM, on 12/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Windows 7\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{80FF17E2-C853-4D55-BF44-2D2602592757}: NameServer = 202.188.1.5,202.188.0.133
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 5398 bytes


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01).
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2011 2:24:52 PM
System Uptime: 12/28/2012 9:04:53 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 148A
Processor: Intel(R) Atom(TM) CPU N475 @ 1.83GHz | CPU | 1828/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 55.666 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 200.268 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9
Angry Birds
Angry Birds Rio
Angry Birds Seasons
CyberLink PowerDVD 9
D3DX10
DivX Pro 视频编解码器
Google Chrome
HP Quick Launch Buttons
Intel(R) Graphics Media Accelerator Driver
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
Oceanis Change Background Windows 7
QLBCASL
QQ影音2.9
Realtek Ethernet Controller Driver For Windows 7
Realtek PCIE Card Reader
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
Starter Background Changer 1.4
Storm Codec
Synaptics Pointing Device Driver
UltraISO Premium V9.36
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
搜狗拼音输入法 6.2正式版
酷我音乐盒 2010
.
==== Event Viewer Messages From Past Week ========
.
12/28/2012 9:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/28/2012 9:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/28/2012 9:05:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/28/2012 9:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/28/2012 9:05:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6
12/28/2012 9:05:21 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/28/2012 8:21:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/28/2012 8:20:39 PM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
12/28/2012 8:17:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
12/28/2012 8:17:39 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/28/2012 8:16:14 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The pipe has been ended.
12/28/2012 8:16:04 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
12/28/2012 8:16:02 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
12/28/2012 8:16:02 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/27/2012 12:43:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/27/2012 12:43:34 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2012 12:40:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2012 12:21:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/27/2012 12:21:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/27/2012 12:21:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2012 12:21:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2012 9:31:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
12/26/2012 11:51:45 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).
12/26/2012 11:51:42 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
12/26/2012 11:51:31 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Windows 7 at 21:38:05 on 2012-12-28
Microsoft Windows 7 Starter 6.1.7600.0.936.86.1033.18.1012.552 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uWinlogon: Shell = c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{80FF17E2-C853-4D55-BF44-2D2602592757} : NameServer = 202.188.1.5,202.188.0.133
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\windows 7\appdata\roaming\mozilla\firefox\profiles\b4c0h0nh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 85Play_Games Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\filmfanaticei\installr\1.bin\NPpaEISb.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-11 530944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-4-16 267880]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/09/05 17:14:17];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-9-5 227896]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-11 657408]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-9-5 228896]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-12-26 15:44:03 -------- d-----w- c:\programdata\702DDA846C177A390000702D6A5E81B9
.
==================== Find3M ====================
.
.
============= FINISH: 21:38:20.66 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-28 21:37:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST320LT022-1AE142 rev.0001EXM1
Running: iqe3rbkr.exe; Driver: C:\Users\WINDOW~1\AppData\Local\Temp\fglyikob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81A88579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\WINDOW~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dae1ddc
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x01 0x72 0xD9 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dae1ddc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x01 0x72 0xD9 0x81 ...

---- EOF - GMER 1.0.15 ----
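As an added triage example (not part of this thread and not code from the DDS tool), the script below reads the Pseudo HJT Report and FIREFOX lines from the DDS log above and flags the entries a helper would look at first: the zeroed UAC policies, the hidden Security Center icon, the non-default Winlogon shell, the hosts entry and the Conduit search URL. The default values, the severity labels and the list of known search hosts are the example's own assumptions; the sample lines are copied from the posted log.

```python
"""Triage the 'Pseudo HJT Report' and FIREFOX sections of a DDS log.

Added example, not part of the thread and not code from the DDS tool. It
reads the report lines a helper would otherwise check by eye and flags
policy values changed from their Windows 7 defaults, a Winlogon shell other
than explorer.exe, hosts-file entries, and a browser search URL pointing at
a host that is not a well-known search engine.
"""
import re
from dataclasses import dataclass

# 'mPolicies-<hive>: <Name> = dword:<N>' lines. The numbers are the Windows 7
# defaults (assumed here); a different value is reported with the reason given.
POLICY_DEFAULTS = {
    ("System", "EnableLUA"): (1, "User Account Control is switched off"),
    ("System", "ConsentPromptBehaviorAdmin"): (5, "admins elevate without any prompt"),
    ("System", "PromptOnSecureDesktop"): (1, "UAC prompts no longer use the secure desktop"),
    ("Explorer", "HideSCAHealth"): (0, "Action Center / Security Center tray icon is hidden"),
}
# Hosts a default search URL is allowed to point at (assumed list).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

POLICY_RE = re.compile(r"^[um]Policies-(\w+):\s*(\w+)\s*=\s*dword:(\d+)")
SHELL_RE = re.compile(r"^[um]Winlogon:\s*Shell\s*=\s*(.+)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
SEARCH_RE = re.compile(r"^FF - prefs\.js: browser\.search\.defaulturl - (\S+)")


@dataclass
class Finding:
    severity: str   # "high" or "medium" (example's own scale)
    reason: str
    line: str


def search_host(url: str) -> str:
    """Host part of a DDS-defanged URL such as hxxp://search.example.com/x."""
    return re.sub(r"^hxxps?://", "", url, flags=re.I).split("/")[0].lower()


def triage(lines):
    """Return a list of Findings for the suspicious entries in the report."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := POLICY_RE.match(line):
            key, value = (m.group(1), m.group(2)), int(m.group(3))
            if key in POLICY_DEFAULTS and value != POLICY_DEFAULTS[key][0]:
                default, why = POLICY_DEFAULTS[key]
                findings.append(Finding("high", f"{why} ({key[1]}={value}, default {default})", line))
        elif m := SHELL_RE.match(line):
            # The logon shell should be explorer.exe; anything else is reviewed.
            if not m.group(1).strip().lower().endswith("explorer.exe"):
                findings.append(Finding("medium", "Winlogon Shell is not explorer.exe", line))
        elif m := HOSTS_RE.match(line):
            ip, name = m.groups()
            findings.append(Finding("medium", f"hosts file sends {name} to {ip}", line))
        elif m := SEARCH_RE.match(line):
            host = search_host(m.group(1))
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("medium", f"default search URL points at {host}", line))
    return findings


# Lines copied from the DDS Pseudo HJT Report / FIREFOX sections posted above.
SAMPLE_REPORT = r"""
uWinlogon: Shell = c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```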
 

kevinf80

Kevin
Malware Specialist
Download Farbar Recovery Scan Tool on a clean PC (if possible) and save it to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", note your flash drive letter, and close Notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version, and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin....
 

klnaj

Thread Starter
Hi Kevin, thanks for your help. Here is the log file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2012
Ran by SYSTEM at 29-12-2012 00:33:57
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti [97357 2006-11-26] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1721640 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-02-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2008-10-13] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-02-28] (cyberlink)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKU\Windows 7\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-09] (Oceanis)
Tcpip\..\Interfaces\{80FF17E2-C853-4D55-BF44-2D2602592757}: [NameServer]202.188.1.5,202.188.0.133

==================== Services (Whitelisted) ===================

3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [x]
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [x]

==================== Drivers (Whitelisted) ====================

3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-19] (Intel Corporation)
1 ISODrive; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-28] (EZB Systems, Inc.)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [87536 2009-02-28] (CyberLink Corp.)
3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-28 08:27 - 2012-12-28 08:27 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
2012-12-28 05:37 - 2012-12-28 05:37 - 00002771 ____A C:\Users\Windows 7\Desktop\Gmer.log
2012-12-28 05:19 - 2012-12-28 05:38 - 00010856 ____A C:\Users\Windows 7\Desktop\attach.txt
2012-12-28 05:19 - 2012-12-28 05:38 - 00007331 ____A C:\Users\Windows 7\Desktop\dds.txt
2012-12-28 05:18 - 2012-12-28 05:16 - 00302592 ____A C:\Users\Windows 7\Desktop\iqe3rbkr.exe
2012-12-28 05:18 - 2012-12-28 05:15 - 00688992 ____R (Swearware) C:\Users\Windows 7\Desktop\dds.scr
2012-12-28 05:13 - 2012-12-26 08:08 - 82167616 ____A (Sophos Limited) C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
2012-12-28 05:13 - 2009-03-03 20:15 - 00402176 ____A (Panda Security) C:\Users\Windows 7\Desktop\USBVaccine.exe
2012-12-28 05:06 - 2012-12-28 05:06 - 00005399 ____A C:\Users\Windows 7\Desktop\hijackthis.log
2012-12-28 04:16 - 2012-12-26 07:53 - 00388608 ____A (Trend Micro Inc.) C:\Users\Windows 7\Desktop\HijackThis.exe
2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\Users\Windows 7\Desktop\System Progressive Protection.lnk
2012-12-26 07:44 - 2012-12-26 07:45 - 00000000 ____D C:\Users\All Users\702DDA846C177A390000702D6A5E81B9


==================== One Month Modified Files and Folders ========

2012-12-29 00:33 - 2012-12-29 00:33 - 00000000 ____D C:\FRST
2012-12-28 08:27 - 2012-12-28 08:27 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
2012-12-28 08:26 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-28 08:26 - 2009-07-13 20:39 - 00127524 ____A C:\Windows\setupact.log
2012-12-28 05:38 - 2012-12-28 05:19 - 00010856 ____A C:\Users\Windows 7\Desktop\attach.txt
2012-12-28 05:38 - 2012-12-28 05:19 - 00007331 ____A C:\Users\Windows 7\Desktop\dds.txt
2012-12-28 05:37 - 2012-12-28 05:37 - 00002771 ____A C:\Users\Windows 7\Desktop\Gmer.log
2012-12-28 05:16 - 2012-12-28 05:18 - 00302592 ____A C:\Users\Windows 7\Desktop\iqe3rbkr.exe
2012-12-28 05:15 - 2012-12-28 05:18 - 00688992 ____R (Swearware) C:\Users\Windows 7\Desktop\dds.scr
2012-12-28 05:14 - 2011-09-04 22:30 - 00714754 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-28 05:06 - 2012-12-28 05:06 - 00005399 ____A C:\Users\Windows 7\Desktop\hijackthis.log
2012-12-28 05:05 - 2012-01-27 18:33 - 00003582 ____A C:\Windows\PFRO.log
2012-12-28 04:28 - 2009-07-13 20:34 - 00011056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-28 04:28 - 2009-07-13 20:34 - 00011056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-26 08:08 - 2012-12-28 05:13 - 82167616 ____A (Sophos Limited) C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
2012-12-26 07:53 - 2012-12-28 04:16 - 00388608 ____A (Trend Micro Inc.) C:\Users\Windows 7\Desktop\HijackThis.exe
2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\Users\Windows 7\Desktop\System Progressive Protection.lnk
2012-12-26 07:45 - 2012-12-26 07:44 - 00000000 ____D C:\Users\All Users\702DDA846C177A390000702D6A5E81B9
2012-12-26 07:42 - 2011-09-05 13:19 - 01540676 ____A C:\Windows\WindowsUpdate.log
2012-12-26 06:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-12-22 10:56 - 2012-01-29 06:19 - 00000030 ____A C:\Windows\QQPlayer.INI
2012-12-22 09:39 - 2012-01-29 06:19 - 00000000 ____D C:\Program Files\QQPlayer

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 1011.9 MB
Available physical RAM: 654.1 MB
Total Pagefile: 1011.9 MB
Available Pagefile: 649.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Partitions =============================

1 Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:55.63 GB) NTFS
2 Drive e: (My Data) (Fixed) (Total:200.43 GB) (Free:200.27 GB) NTFS
3 Drive f: () (Removable) (Total:1.92 GB) (Free:1.84 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B
  Disk 1    Online         1967 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary             97 GB   101 MB
  Partition 3    Primary            200 GB    97 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     Y   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Windows 7    NTFS   Partition     97 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   My Data      NTFS   Partition    200 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1967 MB    31 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT    Removable   1967 MB  Healthy

=========================================================

Last Boot: 2012-12-28 04:50

==================== End Of Log ============================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Code:
start
2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\Users\Windows 7\Desktop\System Progressive Protection.lnk
end
Now please enter System Recovery Options as you did to get the log.

Run FRST64 or FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

Run the following:

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin
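The fixlist Kevin asks for is simply the FRST log line, copied verbatim, between a `start` line and an `end` line. The Python below is an added example, not FRST's own code and not written by anyone in this thread: it parses FRST's "One Month Created Files and Folders" entries into fields (created, modified, size, attributes, company, path), picks out the entries whose path contains an analyst-supplied indicator string, lists any other entries created within a few minutes of a match so the analyst can look at them, and emits a fixlist in the format shown above. The sample log lines are copied from the FRST log earlier in this thread; the indicator list, the five-minute review window and every function name are my assumptions, and the "created near a match" list is a triage aid for a human to review, not a verdict.

```python
"""Parse FRST 'One Month Created Files and Folders' entries and build a fixlist.

Added example (not FRST's code and not from the thread). The sample log lines
are copied from the FRST log posted in the thread; the indicator list and the
review window are analyst-chosen assumptions.
"""
import re
from datetime import datetime, timedelta

# One FRST entry: "<created> - <modified> - <size> <attrs> [(company)] <path>"
_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # optional signer/company in parentheses
    r"(?P<path>.+)$"
)

# Sample input: four lines copied from the FRST log in the thread, framed by
# the section headers FRST prints, so the section parser has something to find.
SAMPLE_LOG = """\
==================== One Month Created Files and Folders ========

2012-12-28 05:13 - 2012-12-26 08:08 - 82167616 ____A (Sophos Limited) C:\\Users\\Windows 7\\Desktop\\Sophos Virus Removal Tool.exe
2012-12-26 07:46 - 2012-12-26 07:46 - 00002073 ____A C:\\Users\\Windows 7\\Desktop\\System Progressive Protection.lnk
2012-12-26 07:44 - 2012-12-26 07:45 - 00000000 ____D C:\\Users\\All Users\\702DDA846C177A390000702D6A5E81B9
2012-12-22 09:39 - 2012-01-29 06:19 - 00000000 ____D C:\\Program Files\\QQPlayer

==================== One Month Modified Files and Folders ========
"""


def parse_entry(line):
    """Return a dict of fields for one FRST file/folder line, or None if it is not one."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
    e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
    e["size"] = int(e["size"])
    e["is_dir"] = "D" in e["attrs"]          # FRST marks directories with D
    e["raw"] = line.strip()                  # kept verbatim for the fixlist
    return e


def parse_section(log_text, title="One Month Created Files and Folders"):
    """Collect the entries under the FRST section whose header contains `title`."""
    entries, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("===="):          # every FRST section header starts like this
            inside = title in line
            continue
        if inside:
            e = parse_entry(line)
            if e:
                entries.append(e)
    return entries


def match_indicators(entries, indicators):
    """Entries whose path contains any indicator string (case-insensitive)."""
    needles = [i.lower() for i in indicators]
    return [e for e in entries if any(n in e["path"].lower() for n in needles)]


def created_near(entries, seeds, window=timedelta(minutes=5)):
    """Other entries created within `window` of a matched entry: review candidates only."""
    seed_paths = {s["path"] for s in seeds}
    return [
        e for e in entries
        if e["path"] not in seed_paths
        and any(abs(e["created"] - s["created"]) <= window for s in seeds)
    ]


def build_fixlist(entries):
    """FRST fixlist.txt text: the log lines verbatim between 'start' and 'end'."""
    return "start\n" + "".join(e["raw"] + "\n" for e in entries) + "end\n"


if __name__ == "__main__":
    found = parse_section(SAMPLE_LOG)
    hits = match_indicators(found, ["System Progressive Protection"])   # assumed indicator
    print(build_fixlist(hits))
    for e in created_near(found, hits):
        print("review:", e["created"], e["path"])
```

Running the module prints the one-line fixlist Kevin posted, followed by any entry created within five minutes of the matched shortcut for the analyst to inspect. The fixlist keeps the whole log line rather than just the path because that is the form the thread uses; whether a neighbouring entry belongs in the fixlist is the analyst's call, which is why `created_near` returns candidates separately instead of adding them.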
 

klnaj

Thread Starter
Joined
Dec 19, 2004
Messages
295
Kevin, here are my second scanning log files. Thank you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2012
Ran by SYSTEM at 2012-12-29 08:04:18 Run:1
Running from F:\

==============================================

C:\Users\Windows 7\Desktop\System Progressive Protection.lnk moved successfully.

==== End of Fixlog ====


OTL logfile created on: 12/29/2012 8:11:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows 7\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 534.61 Mb Available Physical Memory | 52.83% Memory free
1.99 Gb Paging File | 1.49 Gb Available in Paging File | 75.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 55.63 Gb Free Space | 57.02% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 200.27 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 1.84 Gb Free Space | 95.84% Space Free | Partition Type: FAT

Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/29 07:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.com
PRC - [2012/05/16 19:26:10 | 002,916,248 | ---- | M] (Sogou.com Inc.) -- C:\Program Files\SogouInput\6.2.0.7270\SGTool.exe
PRC - [2012/05/16 19:25:40 | 001,660,824 | ---- | M] (Sogou.com Inc.) -- C:\Program Files\SogouInput\6.2.0.7270\ImeUtil.exe
PRC - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/01 02:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/02/16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
DRV - [2011/07/20 01:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011/07/19 22:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2010/04/21 02:04:24 | 000,228,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/02/25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/02 22:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 22:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 22:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 22:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 06:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/02/28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/09/05 17:14:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC






IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp&tc=12
IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 4B 47 FD BF DA CD 01 [binary data]
IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2304356864-341380151-145200225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "85Play_Games Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "85Play_Games Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin: C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll (FilmFanatic)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/05 17:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011/09/05 17:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Extensions
[2012/04/16 23:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\b4c0h0nh.default\extensions
[2012/03/25 09:55:17 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\b4c0h0nh.default\extensions\[email protected]
[2012/02/09 12:16:36 | 000,000,927 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\b4c0h0nh.default\searchplugins\conduit.xml
[2011/09/05 18:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 18:55:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/09/05 17:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/09 11:05:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows 7\AppData\Local\Google\Chrome\Application\8.0.552.5\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Windows 7\AppData\Local\Google\Chrome\Application\8.0.552.5\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows 7\AppData\Local\Google\Chrome\Application\8.0.552.5\gcswf32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/04/16 20:59:32 | 000,442,669 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15208 more lines...
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80FF17E2-C853-4D55-BF44-2D2602592757}: NameServer = 202.188.1.5,202.188.0.133
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2304356864-341380151-145200225-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/12/26 23:58:18 | 000,000,016 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{11db7be7-d7af-11e0-9089-74f06dae1ddc}\Shell\AutoRun\command - "" = E:\RNDISInst.exe
O33 - MountPoints2\{11db7be7-d7af-11e0-9089-74f06dae1ddc}\Shell\RNDIS\command - "" = E:\RNDISInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/29 16:33:50 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/29 08:09:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.com
[2012/12/29 08:08:50 | 000,000,000 | R--D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012/12/28 21:18:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Windows 7\Desktop\dds.scr
[2012/12/28 21:13:53 | 082,167,616 | ---- | C] (Sophos Limited) -- C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
[2012/12/28 21:13:53 | 000,402,176 | ---- | C] (Panda Security) -- C:\Users\Windows 7\Desktop\USBVaccine.exe
[2012/12/28 20:16:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Windows 7\Desktop\HijackThis.exe
[2012/12/26 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012/12/26 23:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\702DDA846C177A390000702D6A5E81B9
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/29 08:13:13 | 000,607,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/29 08:13:13 | 000,103,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/29 08:08:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/29 08:08:21 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/29 07:58:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.com
[2012/12/29 00:49:04 | 000,011,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 00:49:04 | 000,011,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 00:27:37 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2012/12/28 21:16:36 | 000,302,592 | ---- | M] () -- C:\Users\Windows 7\Desktop\iqe3rbkr.exe
[2012/12/28 21:15:54 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Windows 7\Desktop\dds.scr
[2012/12/27 00:08:40 | 082,167,616 | ---- | M] (Sophos Limited) -- C:\Users\Windows 7\Desktop\Sophos Virus Removal Tool.exe
[2012/12/26 23:53:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Windows 7\Desktop\HijackThis.exe
[2012/12/26 23:39:52 | 000,169,917 | ---- | M] () -- C:\Users\Windows 7\Desktop\wireless.jpg
[2012/12/23 02:56:50 | 000,000,030 | ---- | M] () -- C:\Windows\QQPlayer.INI
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/29 00:27:37 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/12/28 21:18:10 | 000,302,592 | ---- | C] () -- C:\Users\Windows 7\Desktop\iqe3rbkr.exe
[2012/12/26 23:39:52 | 000,169,917 | ---- | C] () -- C:\Users\Windows 7\Desktop\wireless.jpg
[2012/04/16 22:42:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/01/29 22:19:53 | 000,000,030 | ---- | C] () -- C:\Windows\QQPlayer.INI
[2011/09/08 22:33:13 | 000,000,025 | ---- | C] () -- C:\Windows\System32\mylk.dat
[2011/09/05 19:09:37 | 000,065,536 | ---- | C] () -- C:\Windows\wall.exe
[2011/09/05 17:15:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/05 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Lingoes
[2011/11/21 21:11:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Rovio
[2012/04/15 07:43:02 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\SoftGrid Client
[2012/06/24 13:32:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\SogouExplorer
[2012/01/29 22:20:38 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Tencent
[2011/09/05 17:20:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\TP
[2011/11/21 19:00:17 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 12/29/2012 8:11:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows 7\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 534.61 Mb Available Physical Memory | 52.83% Memory free
1.99 Gb Paging File | 1.49 Gb Available in Paging File | 75.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 55.63 Gb Free Space | 57.02% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 200.27 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 1.92 Gb Total Space | 1.84 Gb Free Space | 95.84% Space Free | Partition Type: FAT

Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Meitu\KanKan\KanKan\KanKan.exe" = C:\Program Files\Meitu\KanKan\KanKan\KanKan.exe:*:Enabled:KanKan


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F0EE5C-C238-459A-B0B0-EB9368B95E22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1B8C421C-20E1-4C66-8E18-ACB7890EEA35}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{229CCC47-A243-492A-A0FE-DEBC88B8A16B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A2DE164-BD62-4DD4-A467-BC9F76CA2D14}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E5D4757-54C7-4D3C-B484-AD8711255CDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EBBDD40-F681-45C9-B8FB-6CD9AF49309A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4736CCAB-BC24-4060-B418-2CEE71FA6C8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47796FF3-D6D6-4E0C-B440-B6E20ACF7116}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5F480092-103F-46F1-9CE5-74C4DD888D1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F53C746-B3D0-45B2-A0C5-3962C0F83E76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82085E21-7074-46F2-999F-C21410990BCD}" = lport=138 | protocol=17 | dir=in | app=system |
"{83BA133A-F89B-4A76-A004-3C109EDEC109}" = rport=445 | protocol=6 | dir=out | app=system |
"{9023D4D6-2EB6-461A-AA70-1BB3E6FD4FF2}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3764DB2-24F9-4601-8792-AF110387D43E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B2A82682-DB7D-438F-AB2A-AF0422A19B0B}" = rport=139 | protocol=6 | dir=out | app=system |
"{B389C485-DFD0-4204-B97E-A66D1FAFC0B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC1280E2-1FCF-4AA5-92B7-2D12289F48A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFEDB261-A586-46D6-8AF9-FF310501A7ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C0D77B19-B80E-4703-87FD-AD1F2757669A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{C5E4726D-F65B-4325-B7AC-132159C7CA71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6AD2759-FA41-4CD3-B6DC-07031C24ED43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBFDF6D7-C59A-4EF5-9686-EDD04180EEA3}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09853D0D-3BF3-4CA7-931E-5C70D771521B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{14005486-F396-473B-B251-EA117A420393}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.2.0.7270\pinyinup.exe |
"{1FE8026A-FB91-494F-B6B3-DE297F5045DA}" = protocol=6 | dir=in | app=c:\users\windows 7\appdata\local\temp\sogoupinyin.exe |
"{2020FDE0-6C4C-46A5-B831-F872682D9DB5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{219683E6-4AA3-4C52-BB57-0DC5974605A0}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{26F2121A-ED21-4EA3-A4B0-C9AC32BD0747}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{317F301E-A9CE-49BD-8B2B-F8937E161FE8}" = protocol=17 | dir=in | app=c:\program files\kwmusic\kwmusic.exe |
"{3EA8BA7C-4BD9-49BF-ADE4-4B4DB6AAE988}" = protocol=17 | dir=in | app=c:\program files\qqplayer\qpup.exe |
"{4ABEDDE6-560F-4DD5-81BE-3183D08EF650}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
"{4C02EA6D-EAE0-4A74-A92C-B4EBB5E00678}" = protocol=17 | dir=in | app=c:\program files\qqplayer\qqdeskupdate.exe |
"{50A0F7DF-C050-40E6-8068-037F21774CAE}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{59E403BD-BECE-4338-99E9-6F74719AF3A3}" = protocol=17 | dir=in | app=c:\program files\kwmusic\kwmv.exe |
"{5E3D9328-0EB2-408D-9938-AC5B88847CE7}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{62B90B5B-3C0D-42FD-B533-5FD34B157860}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{643DA860-DACD-4CFC-A958-6626907CD1B8}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
"{6C08572B-31E0-437E-BB60-C2ED09F621D3}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
"{80215814-B0A6-4291-9304-52628EAEBF4B}" = protocol=6 | dir=in | app=c:\program files\qqplayer\qpup.exe |
"{846F622E-EF48-468F-87D9-5CC082E03AA6}" = protocol=6 | dir=in | app=c:\program files\qqplayer\qqdeskupdate.exe |
"{84BFC822-1F99-4949-A013-01ECDB142C88}" = protocol=17 | dir=in | app=c:\program files\qqplayer\qqplayer.exe |
"{87B69586-BA4B-4F8F-B891-D62EA5516678}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8A120E08-ED9A-4012-9662-F01A9CA0FCBD}" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |
"{8BAF20B7-58A0-4F04-B088-EAF3EC8A119D}" = protocol=6 | dir=in | app=c:\program files\qqplayer\qqplayer.exe |
"{95F56041-A782-4322-B2B7-85196D0FBD53}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{97CF32F6-A833-4EA0-A929-D3075F2A0D23}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\pinyinup.exe |
"{A7529023-C1BE-4318-BC60-24C8F1928D7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B50900E1-30D2-40C9-A550-DF16B0362D36}" = protocol=17 | dir=in | app=c:\users\windows 7\appdata\local\temp\sogoupinyin.exe |
"{B8CA72DB-F98B-40A4-B619-06EB5E49D512}" = protocol=17 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\sefastinstall.exe |
"{BEBB28A4-3558-479D-B3CD-D7F29690481C}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.1.0.6700\sefastinstall.exe |
"{BFE55088-9CC8-424E-BB6A-062AEE2E44C2}" = protocol=6 | dir=in | app=c:\program files\sogouinput\6.2.0.7270\pinyinup.exe |
"{C3CB72B3-5264-4077-AEBD-6B69F24C77BA}" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |
"{DC961EC0-1134-434D-95E3-75CCA6F058D6}" = protocol=6 | dir=in | app=c:\program files\kwmusic\kwmv.exe |
"{ED987588-85CE-48A1-957F-726B917F60F2}" = protocol=6 | dir=in | app=c:\program files\kwmusic\kwmusic.exe |
"{FE8031EF-7A7F-4E13-B713-55E0253D431F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{15B7AE90-B062-43D7-A99E-EF6F66E971DA}C:\program files\common files\tencent\qqdownload\104\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |
"UDP Query User{B10E2CF5-E465-45D5-AAFF-E72C39DFB44F}C:\program files\common files\tencent\qqdownload\104\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\104\tencentdl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952CE8E1-7452-45DB-BCA0-439AAE2A94EF}_is1" = Starter Background Changer 1.4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCD3F3D0-C85A-4BB7-ADDA-CA68019631D5}" = Angry Birds Seasons
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX6cn" = DivX Pro 视频编解码器
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KwMusic" = 酷我音乐盒 2010
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sogou Input" = 搜狗拼音输入法 6.2正式版
"Storm Codec 5" = Storm Codec
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltraISO_is1" = UltraISO Premium V9.36
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2304356864-341380151-145200225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QQPlayer" = QQ影音2.9

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2012 1:44:22 PM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/24/2012 11:11:50 PM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/26/2012 10:01:37 AM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/26/2012 11:51:36 AM | Computer Name = Windows7-PC | Source = SignInAssistant | ID = 0
Description =

Error - 12/26/2012 11:51:50 AM | Computer Name = Windows7-PC | Source = SignInAssistant | ID = 0
Description =

Error - 12/28/2012 8:31:03 AM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/28/2012 8:50:28 AM | Computer Name = Windows7-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/28/2012 8:51:16 AM | Computer Name = Windows7-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 12/28/2012 9:26:06 AM | Computer Name = Windows7-PC | Source = PerfNet | ID = 2004
Description =

Error - 12/28/2012 12:52:02 PM | Computer Name = Windows7-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


[ System Events ]
Error - 12/28/2012 9:05:21 AM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom discache spldr Wanarpv6

Error - 12/28/2012 9:05:29 AM | Computer Name = Windows7-PC | Source = DCOM | ID = 10005
Description =

Error - 12/28/2012 9:05:32 AM | Computer Name = Windows7-PC | Source = DCOM | ID = 10005
Description =

Error - 12/28/2012 9:05:32 AM | Computer Name = Windows7-PC | Source = DCOM | ID = 10005
Description =

Error - 12/28/2012 12:26:45 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7000
Description = The ESET Service service failed to start due to the following error:
%%2

Error - 12/28/2012 12:41:29 PM | Computer Name = Windows7-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:26:39 AM on 12/29/2012 was unexpected.

Error - 12/28/2012 12:41:34 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7000
Description = The ESET Service service failed to start due to the following error:
%%2

Error - 12/28/2012 12:42:01 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/28/2012 8:08:35 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7000
Description = The ESET Service service failed to start due to the following error:
%%2

Error - 12/28/2012 8:08:59 PM | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Run the following:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7 users: right click on the IE shortcut and run as admin.

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
close program
copy and paste the report here

Post that log, also give an update on remaining issues or concerns..

Kevin...
 

klnaj

Thread Starter
Joined
Dec 19, 2004
Messages
295
Thanks Kevin for your help. After doing the scanning and cleaning, my laptop is now running OK. But I still see the malware "system progressive protection" under the program menu. So, can I just delete this malware from the program menu? I guess this malware has been totally removed, right?

The second issue is the wireless internet connection. My laptop has no internet connection when I select the wireless connection, but it is OK when I have the cable plugged in. I am not sure whether this issue is related to the malware; anyway, I will write a new thread in the Internet & Networking section and hope someone can assist me to solve this problem.

Lastly, is there any anti-malware program you can recommend, or any necessary steps I should take to avoid this kind of attack?

Thank you.

Here is the log file.

C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll Win32/Toolbar.MyWebSearch.Q application
C:\ProgramData\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe Win32/Adware.SystemSecurity.AL application
C:\Users\All Users\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe Win32/Adware.SystemSecurity.AL application
C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll a variant of Win32/Injector.AAOH trojan
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
OK we can take this further to remove unwanted files, also wireless connection. Continue as follows:

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion.

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    ipconfig /flushdns /c
    C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
    C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
    C:\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll
    C:\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll
    C:\ProgramData\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe
    C:\Users\All Users\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe
    C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll
    :Commands
    [EmptyTemp]
    [CreateRestorePoint]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Kevin...
 

klnaj

Thread Starter
Joined
Dec 19, 2004
Messages
295
Alright, here are the log files.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Windows 7\Desktop\cmd.bat deleted successfully.
C:\Users\Windows 7\Desktop\cmd.txt deleted successfully.
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection folder moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll moved successfully.
C:\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll moved successfully.
C:\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll moved successfully.
File/Folder C:\ProgramData\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5 E81B9.exe not found.
C:\Users\All Users\702DDA846C177A390000702D6A5E81B9\702DDA846C177A390000702D6A5E81B9.exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll
C:\Users\Windows 7\AppData\Local\Temp\wpbt0.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Windows 7
->Temp folder emptied: 63014244 bytes
->Temporary Internet Files folder emptied: 35281391 bytes
->FireFox cache emptied: 66528538 bytes
->Google Chrome cache emptied: 353469906 bytes
->Flash cache emptied: 10242 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1550344 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 9775 bytes

Total Files Cleaned = 496.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 12312012_181114

Files moved on Reboot...

Registry entries deleted on Reboot...


Farbar Service Scanner Version: 23-12-2012
Ran by Windows 7 (administrator) on 31-12-2012 at 18:20:14
Running from "C:\Users\Windows 7\Desktop"
Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 07:53] - [2009-07-14 09:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 07:54] - [2009-07-14 09:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 07:23] - [2009-07-14 09:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 07:24] - [2009-07-14 09:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 08:15] - [2009-07-14 09:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 07:30] - [2009-07-14 09:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
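The three things a malware helper checks by eye in the logs above, coded as a small triage script: the notification flags in the OTL "Security Center Settings" section, inbound firewall exceptions for executables under a user's Temp folder in the OTL exception lists, and the services that FSS reports as Disabled although their default is Auto. This is an added example and is not part of the thread, of OTL or of FSS; the finding labels and the Temp-folder heuristic are my own, and the two excerpts are copied from the logs posted in this thread, trimmed to the relevant lines.

```python
import re

# Security Center values whose default is 0 or absent; 1 silences the matching Action
# Center alert, which is why rogue AV families set them (see the OTL log above).
SUPPRESSION_VALUES = {
    "AntiVirusDisableNotify", "AntiVirusOverride",
    "FirewallDisableNotify", "FirewallOverride", "UpdatesDisableNotify",
}
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"

_SECTION_RE = re.compile(r"^=+ (.+?) =+$")
_VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
_FSS_START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.$")
_USER_TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


def _sections(text):
    """Yield (section name, lines) from an OTL log split on '===== Name =====' headers."""
    name, buf = None, []
    for line in text.splitlines():
        m = _SECTION_RE.match(line.strip())
        if m:
            if name is not None:
                yield name, buf
            name, buf = m.group(1), []
        elif name is not None:
            buf.append(line.rstrip())
    if name is not None:
        yield name, buf


def triage_otl(text):
    """Return (category, detail) findings for an OTL 'Extra Registry' report."""
    findings = []
    for name, lines in _sections(text):
        if name == "Security Center Settings":
            key = None
            for line in lines:
                if line.startswith("["):  # a new registry key; only the top-level one matters
                    key = line.strip("[]")
                    continue
                m = _VALUE_RE.match(line)
                if (m and key == SECURITY_CENTER_KEY and m.group(1) in SUPPRESSION_VALUES
                        and m.group(2).strip() != "0"):
                    findings.append(("security_center", f"{m.group(1)} = {m.group(2).strip()}"))
        elif name.endswith("Exception List"):
            for line in lines:
                m = _VALUE_RE.match(line)
                if not m:
                    continue
                # Rule body is 'k=v | k=v | ...'; keep only the key=value parts.
                parts = (p.strip() for p in m.group(2).split("|"))
                fields = dict(p.split("=", 1) for p in parts if "=" in p)
                app = fields.get("app", "")
                # An inbound exception for a binary in a user's Temp folder deserves a look:
                # nothing legitimate should live there long enough to need one.
                if fields.get("dir") == "in" and _USER_TEMP_RE.search(app):
                    findings.append(("firewall_temp_exception", app))
    return findings


def triage_fss(text):
    """Return services that FSS reports as Disabled although their default is Auto."""
    findings = []
    for line in text.splitlines():
        m = _FSS_START_TYPE_RE.match(line.strip())
        if m and m.group(2) == "Disabled" and m.group(3) == "Auto":
            findings.append(("service_disabled", m.group(1)))
    return findings


# Excerpts copied from the logs posted in this thread, trimmed to the relevant lines.
OTL_EXCERPT = r"""========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FE8026A-FB91-494F-B6B3-DE297F5045DA}" = protocol=6 | dir=in | app=c:\users\windows 7\appdata\local\temp\sogoupinyin.exe |
"{26F2121A-ED21-4EA3-A4B0-C9AC32BD0747}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7529023-C1BE-4318-BC60-24C8F1928D7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"""
FSS_EXCERPT = """The start type of wscsvc service is set to Disabled. The default start type is Auto.
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The start type of WinDefend service is set to Disabled. The default start type is Auto.
"""

if __name__ == "__main__":
    for category, detail in triage_otl(OTL_EXCERPT) + triage_fss(FSS_EXCERPT):
        print(f"[{category}] {detail}")
```

Run as a script it prints one line per finding: for these excerpts the five suppression flags, the inbound rule for sogoupinyin.exe in the user's Temp folder, and the three disabled services, which are the same items the thread works through (a silenced Action Center, and Security Center, Windows Update and Windows Defender refusing to start). The Temp-folder rule is a prompt for a question rather than a verdict: the Sogou input-method installer here may well be benign, but a rule that lets inbound traffic reach a binary in Temp is worth confirming with the user either way.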

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Select Start > in the search box type services.msc and tap Enter; that will open Services. Scroll to and select each of the following and set the "Startup Type" to Automatic:

Security Center
Windows update
WLAN Auto Config


Re-boot, those services should now run OK, reset your router, does your wireless connection connect?

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin
 

klnaj

Thread Starter
Joined
Dec 19, 2004
Messages
295
First of all, I would like to wish you a Happy, Healthy and Prosperous New Year in 2013, and of course to thank you for being so helpful in assisting me.

OK, I have done what you told me and changed the services to automatic mode. But I'm still not able to connect to the wireless after the reboot. I presume Windows 7 Starter should have this function where it auto-detects the wireless signal and allows us to select which network to connect to. However, my laptop can't do so, even when I tried it at my workplace or a restaurant which has a Wi-Fi connection.

Under the Manage Wireless Network window, nothing is listed there. I have tried to manually add the network profile to my laptop and it still doesn't help. Do you think I should uninstall the wireless adapter driver and reinstall it?

For the scanning result, please see below log file. Thanks.

Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.34 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 5.0 Firefox out of Date!
Google Chrome 8.0.552.5
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
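The Security Check log above is a compact inventory of the things that make a machine like this one easy to compromise: UAC off, a missing service pack, and several versions of Flash, Reader and Firefox that were already out of date when the log was taken. The following Python is an added example, not code from this thread or from screen317's tool, that parses that log format into structured facts and severity-ranked findings so the same triage can be applied to many such logs. The field names, the severity scheme (high/medium) and the parsing heuristics are my own assumptions about the format; the sample input is the log posted above, rebuilt inline as constructed test data.

```python
import re
from dataclasses import dataclass
from typing import Tuple

# The tool wraps its section headers in runs of backticks; rebuild them with a helper
# so the sample stays readable.
def _hdr(title: str) -> str:
    return "`" * 14 + title + "`" * 14

# Constructed sample input: the Security Check output posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.56",
    "Windows 7 x86 (UAC is disabled!)",
    "Out of date service pack!!",
    "Internet Explorer 8 Out of date!",
    _hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    _hdr("Anti-malware/Other Utilities Check:"),
    "MVPS Hosts File",
    "Adobe Flash Player 9 Flash Player out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Flash Player 10.3.181.34 Flash Player out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Mozilla Firefox 5.0 Firefox out of Date!",
    "Google Chrome 8.0.552.5",
    _hdr("Process Check: objlist.exe by Laurent"),
    _hdr("System Health check"),
    "Total Fragmentation on Drive C: 0%",
    _hdr("End of Log"),
])

# "<product name> <version> ..." lines; the product is a lazy run of letters/spaces so
# it stops at the first whitespace-separated token that starts with a digit.
VERSIONED_RE = re.compile(r"^(?P<product>[A-Za-z][A-Za-z .]*?)\s+(?P<version>\d[\w.]*)")


@dataclass
class Finding:
    severity: str   # assumed scheme: "high" or "medium"
    item: str
    detail: str


def audit_security_check(text: str) -> dict:
    """Parse a Security Check log into facts plus a list of Finding objects."""
    report = {
        "tool_version": None,
        "os": None,
        "uac_enabled": None,
        "service_pack_current": True,
        "firewall_enabled": None,
        "antivirus_detected": True,
        "software": [],      # (product, version, is_current) in log order
        "findings": [],
    }
    for raw in text.splitlines():
        line = raw.strip().strip("`").strip()   # drop the decorative backtick runs
        if not line:
            continue
        low = line.lower()
        if low.startswith("results of"):
            m = re.search(r"version\s+(\S+)$", line)
            report["tool_version"] = m.group(1) if m else None
            continue
        if "uac is" in low:                      # OS line, e.g. "Windows 7 x86 (UAC is disabled!)"
            report["os"] = line.split("(")[0].strip()
            report["uac_enabled"] = "uac is disabled" not in low
            if not report["uac_enabled"]:
                report["findings"].append(Finding("high", "UAC", "User Account Control is disabled"))
            continue
        if low.startswith("out of date service pack"):
            report["service_pack_current"] = False
            report["findings"].append(Finding("high", "Service pack", "Windows service pack is out of date"))
            continue
        if low.startswith("windows firewall"):
            report["firewall_enabled"] = "enabled" in low
            if not report["firewall_enabled"]:
                report["findings"].append(Finding("high", "Firewall", "Windows Firewall is not enabled"))
            continue
        if low.startswith("wmi entry may not exist for antivirus"):
            report["antivirus_detected"] = False
            report["findings"].append(Finding("medium", "Antivirus", "no antivirus registered in WMI Security Center"))
            continue
        m = VERSIONED_RE.match(line)
        if m:                                    # browser / plugin inventory line
            product, version = m["product"], m["version"]
            current = "out of date" not in low
            report["software"].append((product, version, current))
            if not current:
                report["findings"].append(Finding("medium", product, f"version {version} is out of date"))
    return report


def summarize(report: dict) -> Tuple[int, int]:
    """Return (high, medium) finding counts for quick triage."""
    high = sum(1 for f in report["findings"] if f.severity == "high")
    medium = sum(1 for f in report["findings"] if f.severity == "medium")
    return high, medium


if __name__ == "__main__":
    rep = audit_security_check(SAMPLE_LOG)
    for f in rep["findings"]:
        print(f"[{f.severity.upper():6}] {f.item}: {f.detail}")
    print("high/medium:", summarize(rep))
```

Run against the posted log this yields two high findings (UAC disabled, service pack out of date) and seven medium ones (no antivirus in WMI plus six out-of-date browser or plugin versions, the three Flash entries counted separately because each is a distinct installed version). The inventory keeps the original order rather than keying by product so that duplicate products such as the three Flash installs are not silently collapsed.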
 

klnaj (Thread Starter):
I went to the link that you gave; may I know which file I should download, since there are quite a few to choose from? Thanks.
 

klnaj (Thread Starter):
Finally I have the SP installed and ran the troubleshooter on the problem. The problem is that the wireless capability is turned off. But my laptop has no button or switch for wireless. It turns on automatically every time I start my laptop. Here is the troubleshooting report. Thanks.

Windows Network Diagnostics

Issues found

Wireless capability is turned off: Not fixed
Turn on wireless capability: Completed

A network cable is not properly plugged in or may be broken: Detected
Plug an Ethernet cable into this computer: Not run


Issues found: detection details

Wireless capability is turned off: Not fixed

Turn on wireless capability: Completed

Use the switch on the front or side of the computer, or function keys if available, to enable wireless capability on this computer.
Network Diagnostics Log
File Name: ADE1EA82-2ECB-4F65-AFF2-679DBCF00FFE.Repair.Admin.1.etl



A network cable is not properly plugged in or may be broken: Detected

Plug an Ethernet cable into this computer: Not run

An Ethernet cable looks like a telephone cable but with larger connectors on the ends. Plug this cable into the opening on the back or side of the computer. Make sure the other end of the cable is plugged into the router. If that does not help, try using a different cable.


Detection details

Diagnostics Information (Network Adapter)
Details about network adapter diagnosis:

Network adapter Wireless Network Connection 3 driver information:

Description . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Manufacturer . . . . . . . . . : Microsoft
Provider . . . . . . . . . . . : Microsoft
Version . . . . . . . . . . . : 6.1.7600.16385
Inf File Name . . . . . . . . . : c:\windows\inf\netvwifimp.inf
Inf File Date . . . . . . . . . : Monday, July 13, 2009 8:53:32 PM
Section Name . . . . . . . . . : vwifimp.ndi
Hardware ID . . . . . . . . . . : {5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp
Instance Status Flags . . . . . : 0x180200a
Device Manager Status Code . . : 0
IfType . . . . . . . . . . . . : 71
Physical Media Type . . . . . . : 9



Diagnostics Information (Network Adapter)
Details about network adapter diagnosis:

Network adapter Local Area Connection driver information:

Description . . . . . . . . . . : Realtek PCIe FE Family Controller
Manufacturer . . . . . . . . . : Realtek
Provider . . . . . . . . . . . : Realtek
Version . . . . . . . . . . . : 7.21.531.2010
Inf File Name . . . . . . . . . : C:\Windows\INF\oem1.inf
Inf File Date . . . . . . . . . : Monday, May 31, 2010 3:43:00 AM
Section Name . . . . . . . . . : RTL8102.ndi
Hardware ID . . . . . . . . . . : pci\ven_10ec&dev_8136&rev_04
Instance Status Flags . . . . . : 0x180200a
Device Manager Status Code . . : 0
IfType . . . . . . . . . . . . : 6
Physical Media Type . . . . . . : 14



Diagnostics Information (Network Adapter)
Details about network adapter diagnosis:

Network adapter Wireless Network Connection driver information:

Description . . . . . . . . . . : 802.11n Wireless LAN Card
Manufacturer . . . . . . . . . : Ralink Technology, Corp.
Provider . . . . . . . . . . . : Microsoft
Version . . . . . . . . . . . : 3.0.0.41
Inf File Name . . . . . . . . . : C:\Windows\INF\netr28.inf
Inf File Date . . . . . . . . . : Monday, July 13, 2009 8:46:36 PM
Section Name . . . . . . . . . : OS61_RT3900E.ndi
Hardware ID . . . . . . . . . . : pci\ven_1814&dev_3090
Instance Status Flags . . . . . : 0x180200a
Device Manager Status Code . . : 0
IfType . . . . . . . . . . . . : 71
Physical Media Type . . . . . . : 9



Diagnostics Information (Wireless Connectivity)
Details about wireless connectivity diagnosis:

For complete information about this session see the wireless connectivity information event.

Helper Class: Auto Configuration
Initialize status: Success

Information for connection being diagnosed

Result of diagnosis: No problem found






Diagnostics Information (Wireless Connectivity)
Details about wireless connectivity diagnosis:

Information for connection being diagnosed
Interface GUID: 643bf050-7912-46cb-bd1f-68284f5a2efd
Interface name: 802.11n Wireless LAN Card
Interface type: Native WiFi

Connection incident diagnosed


List of visible access point(s): 0 item(s) total, 0 item(s) displayed

Connection History

Information for Auto Configuration ID 1

List of visible networks: 0 item(s) total, 0 item(s) displayed

List of preferred networks: 0 item(s)




Diagnostics Information (Wireless Connectivity)
Details about wireless connectivity diagnosis:

For complete information about this session see the wireless connectivity information event.

Helper Class: Auto Configuration
Initialize status: Success

Information for connection being diagnosed
Interface GUID: 643bf050-7912-46cb-bd1f-68284f5a2efd
Interface name: 802.11n Wireless LAN Card
Interface type: Native WiFi

Result of diagnosis: Problem found

Root cause:
Wireless capability is turned off

Detailed root cause:
Radio is off (HW switch)

Repair option:
Turn on wireless capability
Use the switch on the front or side of the computer, or function keys if available, to enable wireless capability on this computer.




Network Diagnostics Log
File Name: ADE1EA82-2ECB-4F65-AFF2-679DBCF00FFE.Diagnose.Admin.0.etl

Other Networking Configuration and Logs
File Name: NetworkConfiguration.cab

Collection information
Computer Name: WINDOWS7-PC
Windows Version: 6.1
Architecture: x86
Time: Wednesday, January 02, 2013 7:35:46 AM

Publisher details

Windows Network Diagnostics
Detects problems with network connectivity.
Package Version: 1.0
Publisher: Microsoft Windows
 