
Windows Explorer restarts over and over

This is a discussion on Windows Explorer restarts over and over within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 03-01-2012, 01:45 PM   #1
Registered Member
 
Join Date: Feb 2012
Posts: 15
OS: Vista SP2 x64



Hello!
This problem seems pretty known, but all the solutions I found on the web never worked for me. First of all, I did some work on my own before finding this forum. So let me describe my story first before showing logs according to your rules.
I got a virus two days ago. It's the one described here hxxp://www.deletevirus.net/votre-ordinateur-a-ete-bloque-pour-violation-de-la-loi-belgique-virus/
I followed all the instructions on this post and got rid of the virus. After that, my Windows Explorer turned bad. It restarts almost every time I do something with my directory windows. So I have to resort to Far manager or some other software to use my files.
I have a feeling it has something to do with new explorer.exe that I got from that site to replace the old one.
I tried the following.
1) Typed from command line "sfc /scannow". The output was "Windows Resource Protection could not start the repair service."
2) I ran all kinds of freeware scans and cleaned whatever I could. No result.
3) Checked my registry. But since I know nothing about it, I couldn't do much.
4) Checked my Windows Explorer while in Safe Mode. It seemed to work fine, but my computer shut off quickly (it's a Toshiba, and it overheats terribly when it is not in OS normal mode), so I cannot know for sure.
5) Using the recovery disk would not help me at all, since it is SP1 and I already have SP2. But in case you need it, I have it in my possession.
6) I tried ShellExView and disabled all non-Microsoft shells. No result.

This is the log of the problem generated by Windows:
Code:
Product
Windows Explorer

Problem
Stopped working

Date
2/29/2012 6:32 PM

Status
Solution Available

Problem signature
Problem Event Name:    APPCRASH
Application Name:    Explorer.EXE
Application Version:    6.0.6002.18005
Application Timestamp:    49e01da5
Fault Module Name:    StackHash_fd00
Fault Module Version:    0.0.0.0
Fault Module Timestamp:    00000000
Exception Code:    c0000005
Exception Offset:    00000000
OS Version:    6.0.6002.2.2.0.768.3
Locale ID:    1033
Additional Information 1:    fd00
Additional Information 2:    ea6f5fe8924aaa756324d57f87834160
Additional Information 3:    fd00
Additional Information 4:    ea6f5fe8924aaa756324d57f87834160

Extra information about the problem
Bucket ID:    1228955714
Before posting logs, I want to mention that I couldn't get rid of all the anti-virus software using Control Panel. One reason is that my Control Panel is really damaged (I don't know why): it only shows 6 icons (BDE Administrator, DNA, Java, Mail, QuickTime, Text To Speech), of which none are useful in my case. The second reason is that I don't remember all of the software previously installed. Nevertheless, I tried my best to manually remove all the anti-virus software I know of, leaving only one.
My system is 64 bit, Vista SP2, so I do NOT provide ark.txt.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by USER at 22:03:51 on 2012-03-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1974 [GMT 1:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\CollabNet\Subversion Server\httpd\bin\httpd.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\CollabNet\Subversion Server\httpd\bin\httpd.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\CollabNet\Subversion Server\svnserve.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\WebMoney Agent\wmagent.exe
C:\Program Files (x86)\Yandex\Online\online.exe
C:\windows\ehome\ehtray.exe
C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yandex\Online\yachat\yachat.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://webalta.ru/poisk
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com
uSearch Bar = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.Google.com
mSearch Page = hxxp://webalta.ru/poisk
mSearch Bar = hxxp://www.google.com/
uSearchAssistant = hxxp://www.Google.com/
mSearchAssistant = hxxp://www.Google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: ??????.???: {91397d20-1446-11d4-8af4-0040ca1127b6} - C:\Program Files (x86)\Yandex\YandexBarIE\yndbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [IBP]
uRun: [YandexOnline] "C:\Program Files (x86)\Yandex\Online\online.exe" -AutoStart
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [salm] e:\temp\salm.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun: [wmagent.exe] "C:\Program Files (x86)\WebMoney Agent\wmagent.exe"
StartupFolder: C:\users\USER\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\users\USER\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GoView.lnk - C:\Users\USER\AppData\Roaming\Microsoft\Installer\{80FAACB3-635B-4BB0-B74E-E12F620FED98}\_C3AE839B4158555DDA870E.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: localhost
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0F1BEFB0-F01C-4517-BF68-41A7A22705F4} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB-X64: ??????.???: {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files (x86)\Yandex\YandexBarIE\yndbar.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [salm] e:\temp\salm.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun-x64: [wmagent.exe] "C:\Program Files (x86)\WebMoney Agent\wmagent.exe"
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\razyuykm.default\
FF - prefs.js: browser.search.selectedEngine - chrome://browser-region/locale/region.properties
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=21979
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npActiveX.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebClient.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Ext2fs;Ext2fs;C:\Windows\system32\DRIVERS\ext2fs.sys --> C:\Windows\system32\DRIVERS\ext2fs.sys [?]
R1 IfsMount;IfsMount;C:\Windows\system32\DRIVERS\ifsmount.sys --> C:\Windows\system32\DRIVERS\ifsmount.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R2 CollabNetSubversionApache;CollabNet Subversion Apache;C:\Program Files (x86)\CollabNet\Subversion Server\httpd\bin\httpd.exe [2010-5-20 24635]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 CSVNsvnserve;CollabNet Subversion svnserve;C:\Program Files (x86)\CollabNet\Subversion Server\svnserve.exe [2010-5-20 114780]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2008-9-6 222456]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-4 175104]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys --> C:\Windows\system32\DRIVERS\QIOMem.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-25 84992]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\system32\drivers\Ext2Fsd.sys --> C:\Windows\system32\drivers\Ext2Fsd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2008-7-16 954368]
S3 PerfHost;Performance Counter DLL Host;C:\windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-30 89920]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-02-28 20:50:19 2926592 ----a-w- C:\Windows\explorer.exe
2012-02-17 08:08:44 54585368 ----a-w- C:\Windows\System32\mrt.exe
2012-01-29 04:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-12 20:16:28 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-14 16:38:07 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-14 16:17:47 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-14 07:43:42 17790464 ----a-w- C:\Windows\System32\mshtml.dll
2011-12-14 07:16:39 10887168 ----a-w- C:\Windows\System32\ieframe.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:56 1345536 ----a-w- C:\Windows\System32\urlmon.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 07:03:07 237056 ----a-w- C:\Windows\System32\url.dll
2011-12-14 07:01:53 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2011-12-14 07:00:34 818688 ----a-w- C:\Windows\System32\jscript.dll
2011-12-14 06:59:27 2144256 ----a-w- C:\Windows\System32\iertutil.dll
2011-12-14 06:57:55 96256 ----a-w- C:\Windows\System32\mshtmled.dll
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 06:53:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2011-12-14 03:30:38 12282368 ----a-w- C:\Windows\SysWow64\mshtml.dll
2011-12-14 03:10:13 9705472 ----a-w- C:\Windows\SysWow64\ieframe.dll
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:49 1103360 ----a-w- C:\Windows\SysWow64\urlmon.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:55:41 231936 ----a-w- C:\Windows\SysWow64\url.dll
2011-12-14 02:54:32 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2011-12-14 02:53:38 716800 ----a-w- C:\Windows\SysWow64\jscript.dll
2011-12-14 02:52:07 1792000 ----a-w- C:\Windows\SysWow64\iertutil.dll
2011-12-14 02:50:42 72704 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-14 02:47:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2011-01-17 02:02:10 3514656 ----a-w- C:\Program Files (x86)\TeamViewer_Setup.exe
2010-11-18 13:01:52 4024811520 --sha-w- \hiberfil.sys
2010-11-18 13:01:52 4024811520 --sha-w- \hiberfil.sys
2010-04-21 15:56:06 109056 ----a-w- C:\Program Files (x86)\SnapaShot.exe
2009-04-23 20:34:24 11225744 ---ha-w- \setup.exe
2009-04-23 20:34:24 11225744 ---ha-w- \setup.exe
2007-11-07 06:53:12 242176 ---ha-w- \VC_RED.MSI
2007-11-07 06:53:12 242176 ---ha-w- \VC_RED.MSI
2006-12-02 03:37:14 904704 ---ha-w- \msdia80.dll
2006-12-02 03:37:14 904704 ---ha-w- \msdia80.dll
2006-09-18 21:43:37 10 ----a-w- \config.sys
2006-09-18 21:43:37 10 ----a-w- \config.sys
2006-09-18 21:43:36 24 ---ha-w- \autoexec.bat
2006-09-18 21:43:36 24 ---ha-w- \autoexec.bat
1601-01-01 00:00:00 0 --sha-w- \pagefile.sys
1601-01-01 00:00:00 0 --sha-w- \pagefile.sys
.
============= FINISH: 22:12:37.43 ===============

If the problem persists, I may be forced to install Ubuntu instead. Don't really want to do it, this Vista has been with me since 2008, when I obtained this laptop.

Thanks for your help and effort!
Attached Files
File Type: zip Attach.zip (8.1 KB, 15 views)

majinsaha
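The WER report in the post above records the crashed image as Explorer.EXE 6.0.6002.18005 with Application Timestamp 49e01da5, a StackHash fault module and exception c0000005 at offset 00000000. The timestamp is the TimeDateStamp from the PE/COFF header of the build that crashed, so the same field read from the explorer.exe now in C:\Windows shows whether the file that was dropped in from the download site is that build at all, and the Machine field shows whether it is even an x64 image (DDS reports the OS as NTFSAMD64). The script below is an added example, not part of this thread and not a tool Windows ships; WER_SIGNATURE is copied from the report above, build_stub_pe() is a constructed fixture so the parsing runs without a Windows machine, and the timestamp 0x4A5BC60F in the offline branch is an arbitrary stand-in.

```python
"""Check the explorer.exe on disk against the WER APPCRASH signature.

Added example: not part of the forum thread and not a tool Windows ships.
WER's 'Application Timestamp' is the TimeDateStamp of the PE/COFF file
header of the image that crashed; reading that field and the Machine
field from C:\\Windows\\explorer.exe says whether the file on disk is the
same build and the right architecture. build_stub_pe() is a constructed
test fixture.
"""
import struct
import sys
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
STATUS_ACCESS_VIOLATION = 0xC0000005

# Problem-signature lines copied from the WER report in the first post.
WER_SIGNATURE = """\
Application Name:    Explorer.EXE
Application Version:    6.0.6002.18005
Application Timestamp:    49e01da5
Fault Module Name:    StackHash_fd00
Fault Module Version:    0.0.0.0
Fault Module Timestamp:    00000000
Exception Code:    c0000005
Exception Offset:    00000000
"""


def parse_wer_signature(text):
    """Turn 'Key:    Value' lines into a dict; lines without a value are skipped."""
    sig = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            sig[key.strip()] = value.strip()
    return sig


def pe_header_info(data):
    """Return (Machine, TimeDateStamp) from the COFF file header of a PE image.

    Layout: 'MZ' at offset 0, e_lfanew (DWORD) at 0x3C, the 'PE\\0\\0' signature
    at e_lfanew, then Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, timestamp = struct.unpack_from("<HxxI", data, e_lfanew + 4)
    return machine, timestamp


def pe_header_info_of_file(path):
    with open(path, "rb") as fh:
        return pe_header_info(fh.read())


def build_time(timestamp):
    return datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def assess(sig, machine, timestamp, os_is_x64=True):
    """Explain the signature fields and compare them with the header read from disk."""
    notes = []
    if int(sig.get("Exception Code", "0"), 16) == STATUS_ACCESS_VIOLATION:
        notes.append("exception c0000005 is STATUS_ACCESS_VIOLATION")
    if sig.get("Fault Module Name", "").startswith("StackHash_"):
        notes.append("StackHash: WER could not map the faulting address to any loaded module")
    offset = sig.get("Exception Offset", "")
    if offset and set(offset) == {"0"}:
        notes.append("faulting address recorded as 0: the exception was raised at address 0, "
                     "typical of a call through a null or stale function pointer")
    wer_ts = int(sig.get("Application Timestamp", "0"), 16)
    if timestamp == wer_ts:
        notes.append("explorer.exe on disk has the crashed build's TimeDateStamp %08x (%s)"
                     % (wer_ts, build_time(wer_ts)))
    else:
        notes.append("explorer.exe on disk (TimeDateStamp %08x, built %s) is NOT the image "
                     "WER saw (%08x)" % (timestamp, build_time(timestamp), wer_ts))
    if os_is_x64 and machine != IMAGE_FILE_MACHINE_AMD64:
        notes.append("explorer.exe is not an x64 image (Machine=0x%04x) on an x64 install" % machine)
    return notes


def build_stub_pe(machine, timestamp):
    """Constructed fixture: a 64-byte MZ stub pointing at a bare PE/COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, timestamp, 0, 0, 0, 0x22)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    sig = parse_wer_signature(WER_SIGNATURE)
    if len(sys.argv) > 1:            # e.g. python check_explorer.py C:\Windows\explorer.exe
        machine, ts = pe_header_info_of_file(sys.argv[1])
    else:                            # offline: a 32-bit image with an arbitrary other timestamp
        machine, ts = pe_header_info(build_stub_pe(IMAGE_FILE_MACHINE_I386, 0x4A5BC60F))
    for note in assess(sig, machine, ts):
        print("-", note)
```

Run it with the path to the real file on the affected machine. Two caveats: a matching timestamp only proves the file is the same build, not that it is unmodified, and most Windows system binaries are catalog-signed rather than carrying an embedded Authenticode signature, so a signature checker that ignores catalogs will report a genuine Vista explorer.exe as unsigned. The supported integrity check is `sfc /scannow`, which in this case could not start its repair service.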
Old 03-06-2012, 01:30 AM   #2
Registered Member
 
Join Date: Feb 2012
Posts: 15
OS: Vista SP2 x64



BUMP, please

majinsaha
Old 03-07-2012, 09:15 PM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Hello majinsaha and welcome to TSF,

Thank you for providing such detailed info as to what you've done thus far. I do still see infection here, so we'll start by clearing that out and work on any remaining issues as best we can.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried
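Several entries in the DDS log posted earlier can be flagged mechanically: a Run value launching from a temp directory (mRun: [salm] e:\temp\salm.exe), a Run key left with no command (uRun: [IBP]), Search Page set to webalta.ru while the Start Page is google.com, toolbar and search-hook entries pointing at No File, and EnableLUA = 0 (UAC switched off). The script below is an added example, not part of this thread and not DDS or ComboFix code; SAMPLE_DDS contains lines copied from the log above plus a few benign ones, and the rule names and severities are this example's own conventions.

```python
"""Triage autorun lines from a DDS 'Pseudo HJT Report'.

Added example: not part of the thread and not DDS code. It encodes the
checks an analyst applies when reading such a log: a Run value launching
from a temp directory, a Run key with no command left behind, a search
page that disagrees with the start page, orphaned browser add-on entries
('No File'), and the policy that switches UAC off. Rule names and
severities are this example's own conventions.
"""
import re
import sys
from urllib.parse import urlsplit

RUN_RE = re.compile(r"^([um])Run(?:-x64)?: \[([^\]]*)\]\s*(.*)$")
PAGE_RE = re.compile(r"^([um])(Start Page|Search Page) = (\S+)$")
NOFILE_RE = re.compile(r"^(?:TB|BHO|uURLSearchHooks)(?:-X64)?:.*- No File$")
UAC_OFF_RE = re.compile(r"^mPolicies-system: EnableLUA = 0\b")
TEMP_DIR_RE = re.compile(r"(?:^|[\\/])(?:temp|tmp)[\\/]", re.IGNORECASE)

# Lines copied from the DDS log posted in this thread, with a few benign
# entries kept in so the rules have something to ignore.
SAMPLE_DDS = r"""
uSearch Page = hxxp://webalta.ru/poisk
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mSearch Page = hxxp://webalta.ru/poisk
uURLSearchHooks: H - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [IBP]
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [salm] e:\temp\salm.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-system: EnableLUA = 0 (0x0)
mRun-x64: [salm] e:\temp\salm.exe
"""

SEVERITY_ORDER = ("high", "medium", "low")


def host_of(url):
    """Hostname of a DDS-defanged URL (DDS writes hxxp:// instead of http://)."""
    return urlsplit(url.replace("hxxp", "http", 1)).hostname or ""


def triage(lines):
    """Return (severity, rule, evidence) tuples for the lines that trip a rule."""
    findings = []
    pages = {}
    for line in lines:
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            if not cmd.strip():
                findings.append(("medium", "run-key-without-command", line))
            elif TEMP_DIR_RE.search(cmd):
                findings.append(("high", "autorun-from-temp-dir", line))
            continue
        m = PAGE_RE.match(line)
        if m:
            hive, what, url = m.groups()
            pages[(hive, what)] = host_of(url)
            continue
        if NOFILE_RE.match(line):
            findings.append(("low", "orphaned-browser-extension", line))
        elif UAC_OFF_RE.match(line):
            findings.append(("high", "uac-disabled", line))
    # Per hive (u = HKCU, m = HKLM): a search page on a different host than
    # the start page is the classic trace of a search hijacker.
    for hive in "um":
        start = pages.get((hive, "Start Page"))
        search = pages.get((hive, "Search Page"))
        if start and search and search != start:
            findings.append(("high", "search-page-hijack",
                             "%sSearch Page -> %s (start page is %s)" % (hive, search, start)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:      # e.g. python dds_triage.py DDS.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_DDS.splitlines()
    for severity, rule, evidence in sorted(triage(lines), key=lambda f: SEVERITY_ORDER.index(f[0])):
        print("%-6s %-28s %s" % (severity, rule, evidence))
```

These rules only surface leads; a Run entry under a temp directory or a mismatched search page is not proof of infection on its own, and a clean pass does not clear a machine, which is why the analyst goes on to ask for a ComboFix run rather than acting on the DDS log alone.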
Old 03-08-2012, 01:43 PM   #4
Registered Member
 
Join Date: Feb 2012
Posts: 15
OS: Vista SP2 x64



Hi! Thanks for keeping in touch.
This is the log you asked for:

ComboFix 12-03-08.03 - USER 03/08/2012 21:01:45.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2124 [GMT 1:00]
Running from: c:\users\USER\Downloads\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\64\AutocompletePro64.dll
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\programfiles\desktop.ini
C:\setup.exe
c:\users\USER\AppData\Local\assembly\tmp
c:\users\USER\AppData\Local\Del8406.exe
c:\users\USER\AppData\Roaming\defaults.cfg
c:\users\USER\AppData\Roaming\KYL
c:\users\USER\AppData\Roaming\KYL\fi.dat
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Data Restore.lnk
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pchd
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pchd\Удалить pchd.lnk
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pchd\PCHDPlayer.lnk
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\USER\AppData\Roaming\MicroST
c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\razyuykm.default\searchplugins\webalta-search.xml
c:\windows\PFRO.log
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\Gdiplus.dll
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 21:07 . 2012-03-08 21:07 -------- d-----w- c:\users\USER\AppData\Local\temp
2012-03-08 21:07 . 2012-03-08 21:07 -------- d-----w- c:\users\Tanya\AppData\Local\temp
2012-03-08 21:07 . 2012-03-08 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 13:40 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2CB2F6E-1AD5-47D3-8ED8-CCF54E7F92A9}\mpengine.dll
2012-03-07 08:00 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF63689A-7C1F-4D73-AE61-6389EFD6E394}\mpengine.dll
2012-03-07 07:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA7B400E-675C-448D-9ACD-0B54413B3DF5}\mpengine.dll
2012-03-06 17:20 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEA2CDF0-6F21-4934-B75C-DE2DDED6E5AF}\mpengine.dll
2012-03-06 08:22 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7455089-F2E4-4FD9-990C-71721BFEBE71}\mpengine.dll
2012-03-06 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F22D70A-5A3A-40A8-B658-171D666AABAD}\mpengine.dll
2012-03-05 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CC0CBD2-73F2-4FD5-8092-E8373FB7A471}\mpengine.dll
2012-03-05 08:15 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592CB4D-0460-4960-8BE7-E5EA242A8ECB}\mpengine.dll
2012-03-04 19:28 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C88D2A67-BD7F-4C69-AF32-A8E631C4D1C8}\mpengine.dll
2012-03-04 09:02 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FA475A2-C9EF-47CB-B4F6-0ADBA8D80A00}\mpengine.dll
2012-03-03 09:36 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4973ECD-4919-4B45-BB17-8BDE8C5D4062}\mpengine.dll
2012-03-03 09:24 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C3A2F44-02F6-468B-9C9A-7CD921FC0692}\mpengine.dll
2012-03-02 14:47 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3247C6B-6381-42C3-95C9-F644D0536587}\mpengine.dll
2012-03-02 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3E38653-079C-45E5-8AF2-8C2B427ABE03}\mpengine.dll
2012-03-02 08:16 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2728A91C-B193-4456-919B-69753F252DCA}\mpengine.dll
2012-03-01 19:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8B40331-D27B-4223-92E2-559F4EA21447}\mpengine.dll
2012-03-01 08:12 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37F6F236-B0E9-40E2-A6FD-4E304A0D8DDC}\mpengine.dll
2012-03-01 08:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AB76F41-DA54-42DE-97A0-D70D3C691BF4}\mpengine.dll
2012-02-29 19:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEB9976F-5C5A-4AA3-A676-778D00350DBF}\mpengine.dll
2012-02-29 19:45 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18FD06E4-71B0-4D3A-A93A-F94D4F940F03}\mpengine.dll
2012-02-29 18:17 . 2012-03-01 20:02 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-29 17:30 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F14D8C4E-8E12-4FA8-B147-5DC062CC71AD}\mpengine.dll
2012-02-29 08:11 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D59B9C63-1A10-4DEB-B351-0ADCFBD9A96F}\mpengine.dll
2012-02-29 07:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C8A9CFE-7877-4339-92D0-5E4CF96F8C08}\mpengine.dll
2012-02-28 23:56 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7CD9D61-FA85-4C49-93CC-A76D8712F7F6}\mpengine.dll
2012-02-28 21:59 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5090BFD1-7ED8-4E1B-9098-1382A67925DD}\mpengine.dll
2012-02-28 21:38 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{549C054D-A206-4B66-BE1D-ABC58D6873A8}\mpengine.dll
2012-02-28 20:52 . 2012-02-28 20:50 2926592 ----a-w- c:\windows\explorer.exe
2012-02-28 20:43 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35A8671F-EBBE-43BB-A663-E099D4F49900}\mpengine.dll
2012-02-28 20:38 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF003B98-7079-4DFE-862B-9033C33346A7}\mpengine.dll
2012-02-28 20:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96E5D4AF-50FB-4C6B-BCC0-6569BB925DD4}\mpengine.dll
2012-02-28 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{450ED12E-9EFB-49EA-826F-D6424E90302D}\mpengine.dll
2012-02-28 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9408F4C1-F124-4624-856D-AC1711BF1E41}\mpengine.dll
2012-02-27 12:35 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{272EBFBA-92DE-4CA0-B58A-F559BAA32451}\mpengine.dll
2012-02-27 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6B206E5-AA2F-4689-AF1A-9109FC1904E7}\mpengine.dll
2012-02-26 18:17 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FD5AA80-E688-41FB-A0D0-7ABA34317667}\mpengine.dll
2012-02-26 09:48 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9DC7A08-6FEE-4F01-942B-5CE2485DAF1F}\mpengine.dll
2012-02-25 10:25 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEEBC1F2-2A34-4824-81BE-002D2B049A01}\mpengine.dll
2012-02-25 10:08 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEA4D3A-3B9C-47EE-A26B-15E0EF860038}\mpengine.dll
2012-02-24 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C274FE30-6B35-46AC-B661-291B249600A1}\mpengine.dll
2012-02-24 08:05 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46544C68-C5BD-412C-ABBF-415A4490BC00}\mpengine.dll
2012-02-23 08:27 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{528E1AC4-7911-45F9-9CE3-605796062819}\mpengine.dll
2012-02-23 08:17 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9D557B2-6FDF-4B3A-8930-EEAFFA80A32E}\mpengine.dll
2012-02-22 16:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{237127AE-8170-4AB7-8AEF-7F61C73E00F4}\mpengine.dll
2012-02-22 08:09 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{159CE668-93B1-4354-84F5-9EB9BB8137FC}\mpengine.dll
2012-02-22 07:51 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E683AD40-CA27-4EA7-954F-492D941AB205}\mpengine.dll
2012-02-21 20:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DCF6D92-4CE0-41CA-A06A-3EF954EEE8B5}\mpengine.dll
2012-02-21 08:31 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4E71A40-281A-41D9-BC68-47B49C57C667}\mpengine.dll
2012-02-21 07:50 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33A8F774-84CA-4488-96F8-8C0F6144EDF3}\mpengine.dll
2012-02-20 08:44 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20E21215-05B5-419C-940E-6628DC77B4A6}\mpengine.dll
2012-02-20 08:21 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C69D46-71E1-485E-9D9B-0FA9C3EAECEB}\mpengine.dll
2012-02-20 08:10 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7113E8C4-2683-4D76-AEFD-659D89625C89}\mpengine.dll
2012-02-19 10:07 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85586509-34FC-414A-971C-436D5129C843}\mpengine.dll
2012-02-19 09:58 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{139E9C8B-A995-43B1-BCC8-E735CB4BCA03}\mpengine.dll
2012-02-18 10:50 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D152C53-FD14-4CFB-A432-14438B2187B1}\mpengine.dll
2012-02-18 10:40 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BB84A32-40B5-49D4-B54D-A50580C6A88B}\mpengine.dll
2012-02-17 17:22 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D860D58F-B1BA-4113-B6A4-A60DA3200735}\mpengine.dll
2012-02-17 08:53 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C7C4224-2EB9-41AE-A0B2-48FE3A5B2818}\mpengine.dll
2012-02-17 07:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4914DD6C-C582-42AA-99AE-A55EE108CA3A}\mpengine.dll
2012-02-16 15:48 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52D17325-8664-40AF-8410-3747CD5DF4DB}\mpengine.dll
2012-02-16 09:00 . 2012-02-16 10:00 -------- d--h--w- c:\users\USER\AppData\Roaming\40F20E61
2012-02-16 08:33 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 08:33 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-16 08:33 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 08:33 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 08:33 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 08:33 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 08:23 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CCF4134-7B63-48BB-8925-19F18C52207A}\mpengine.dll
2012-02-16 08:12 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDDA02D6-E2B3-44D0-B56F-317F0D44FC31}\mpengine.dll
2012-02-16 08:04 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04C49318-CAE1-406E-8FE3-4607EC988D80}\mpengine.dll
2012-02-15 07:58 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84D68DC6-7C62-46D7-A25C-6FB9B6485234}\mpengine.dll
2012-02-14 08:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7BFFBFD-4BB6-4ED5-8DE2-A6B66FF09278}\mpengine.dll
2012-02-14 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4F89E71-DEDC-4438-A3B3-921C959FA645}\mpengine.dll
2012-02-13 22:57 . 2012-02-13 22:57 -------- d-----w- c:\program files (x86)\ExamDiff
2012-02-13 09:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{047AD267-67CC-4213-947A-0AE1FABF5882}\mpengine.dll
2012-02-13 08:43 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52C31DD2-6138-40CF-BA1E-7F1EE0F2BF22}\mpengine.dll
2012-02-13 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA7ED60F-AD44-4597-9F76-8E704E15065A}\mpengine.dll
2012-02-12 22:14 . 2012-02-19 11:24 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-02-12 22:14 . 2012-02-19 11:24 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-12 22:14 . 2012-02-19 11:24 125912 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-02-12 22:14 . 2012-02-12 22:14 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-12 22:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99E83F23-4155-41ED-99B8-BE1EBDD88AD5}\mpengine.dll
2012-02-12 10:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29132A83-4393-4AAF-A5C2-2764373F9D76}\mpengine.dll
2012-02-12 09:40 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD6EC18-3B76-4D4D-9BF7-18B599AF2626}\mpengine.dll
2012-02-11 09:33 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{361263EB-BB85-4A6F-BE7D-B6561237AA85}\mpengine.dll
2012-02-11 09:16 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C43FA902-A75D-403B-8998-19A24ADC2EA6}\mpengine.dll
2012-02-10 18:09 . 2012-02-11 14:37 -------- d-----w- c:\users\USER\AppData\Roaming\WebMoney
2012-02-10 17:29 . 2012-02-10 17:29 -------- d-----w- c:\program files (x86)\WebMoney Agent
2012-02-10 17:28 . 2012-02-10 17:29 -------- d-----w- c:\program files (x86)\WebMoney
2012-02-10 08:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16271D40-9667-4840-8283-3A4C3EE251DF}\mpengine.dll
2012-02-10 07:51 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B41CF10-D8C7-4D9A-891B-31BC0AD64423}\mpengine.dll
2012-02-09 08:15 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1531DCF6-DFB0-42E2-A394-706378789FB2}\mpengine.dll
2012-02-09 08:07 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B9881AA-1625-4B84-82DE-A40C6ECC700D}\mpengine.dll
2012-02-08 08:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98A83159-0FA4-4AB1-B972-3F456C586C93}\mpengine.dll
2012-02-08 07:51 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0858DF9A-171A-4255-B05F-28BF9C373830}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-11-15 16:23 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-21 14:23 . 2010-11-14 08:38 162680 ---ha-w- c:\users\USER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-01-17 02:02 . 2011-01-25 00:14 3514656 ----a-w- c:\program files (x86)\TeamViewer_Setup.exe
2010-04-21 15:56 . 2010-08-21 01:05 109056 ----a-w- c:\program files (x86)\SnapaShot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files (x86)\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YandexOnline"="c:\program files (x86)\Yandex\Online\online.exe" [2011-10-12 3866952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-02-04 93376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"wmagent.exe"="c:\program files (x86)\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
GoView.lnk - c:\users\USER\AppData\Roaming\Microsoft\Installer\{80FAACB3-635B-4BB0-B74E-E12F620FED98}\_C3AE839B4158555DDA870E.exe [2011-3-27 16958]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 986112 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 986112 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 986112 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com/
uSearchAssistant = hxxp://www.Google.com/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\razyuykm.default\
FF - prefs.js: browser.search.selectedEngine - chrome://browser-region/locale/region.properties
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=21979
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-IBP - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
AddRemove-InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E} - c:\program files (x86)\InstallShield Installation Information\{066CFFF8-12BF-4390-A673-75F95EFF188E}\setup.exe
AddRemove-InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761} - c:\program files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe
AddRemove-InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF} - c:\program files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe
AddRemove-InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F} - c:\program files (x86)\InstallShield Installation Information\{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}\setup.exe
AddRemove-InstallShield_{C515A5CE-7B56-4C80-881C-86B7768E2FD0} - c:\program files (x86)\InstallShield Installation Information\{C515A5CE-7B56-4C80-881C-86B7768E2FD0}\setup.exe
AddRemove-InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} - c:\program files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe
AddRemove-{1B87C40B-A60B-4EF3-9A68-706CF4B69978} - c:\program files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe
AddRemove-{37C866E4-AA67-4725-9E95-A39968DD7960} - c:\program files (x86)\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe
AddRemove-{3F92ABBB-6BBF-11D5-B229-002078017FBF} - c:\program files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe
AddRemove-{4C3F3228-13BE-41D0-A782-3DDE7CB2479A} - c:\program files (x86)\InstallShield Installation Information\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}\setup.exe
AddRemove-{6C5F3BDC-0A1B-4436-A696-5939629D5C31} - c:\program files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe
AddRemove-{A644254B-92F6-4970-8635-AB0775371E72} - c:\program files (x86)\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe
AddRemove-{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13} - c:\program files (x86)\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe
AddRemove-{C3A32068-8AB1-4327-BB16-BED9C6219DC7} - c:\program files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe
AddRemove-pchd - c:\program files (x86)\pchd\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-188522578-2200541752-3931843229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6DB8945-7FC9-C98B-E500-EEB8BD8F607F}*]
"iadhboaefngmdadcga"=hex:6a,61,6f,67,69,68,69,6c,6b,67,69,6c,6c,63,6c,66,70,61,
69,6b,00,00
"hanhhepjepoghnpo"=hex:6a,61,6f,67,69,68,69,6c,6b,67,69,6c,6c,63,6c,66,70,61,
69,6b,00,00
"abpibohlgaaalbmhjgdiahnnfacbcmmbhp"=hex:61,61,00,00
"maoiicmcfebdchmoglhfbfbmaj"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4060)
c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Perforce\p4exp.dll
c:\windows\SysWOW64\GLI\MTWebClient\CopyHook.dll
.
Completion time: 2012-03-08 22:36:03
ComboFix-quarantined-files.txt 2012-03-08 21:35
.
Pre-Run: 1,940,180,992 bytes free
Post-Run: 3,841,806,336 bytes free
.
- - End Of File - - FBB5B648FB93180628635C3BCC158BEC
majinsaha
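An added example, not part of the thread and not ComboFix's own code: a small Python parser for the "Files Created" lines of a ComboFix log that applies two heuristics a helper uses when reading such a log, a hidden folder with a random-looking hex name inside a user profile (the folder the next reply removes) and a core Windows binary whose modified time sits within minutes of its creation on disk, which is not how Windows Update delivers files. The heuristics, their thresholds and the function names are my assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime
from typing import List, Optional, Tuple

# One line of ComboFix's "Files Created" section has the shape
#   <created> . <modified> <size or --------> <attrs> <path>
# where attrs is an 8-character field: 'd' directory, 'c' compressed,
# 'h' hidden, 'a' archive, 'w' writable, '-' flag not set.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # modified
    r"(-{8}|\d+) "                            # size, or dashes for a directory
    r"([a-z-]{8}) "                           # attribute flags
    r"(.+)$"                                  # path
)
TS = "%Y-%m-%d %H:%M"
HEX_NAME = re.compile(r"^[0-9a-f]{6,16}$")    # e.g. 40F20E61 (paths are lowercased)
PE_EXT = (".exe", ".dll", ".sys", ".scr")
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64")

REASON_HIDDEN_HEX = "hidden hex-named folder inside a user profile"
REASON_FRESH_SYSTEM_BINARY = (
    "system binary with modified time close to creation time (not delivered by Windows Update)"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one 'Files Created' line; return None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(created, TS),
        "modified": datetime.strptime(modified, TS),
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "path": path.lower(),
    }


def flag_entry(e: dict) -> List[str]:
    """Apply the two heuristics (assumptions of this example) to a parsed entry."""
    reasons: List[str] = []
    parent, _, name = e["path"].rpartition("\\")

    # Heuristic 1: a hidden directory under AppData whose name is nothing but hex digits.
    if e["is_dir"] and e["hidden"] and "\\appdata\\" in e["path"] and HEX_NAME.match(name):
        reasons.append(REASON_HIDDEN_HEX)

    # Heuristic 2: a PE file directly in a system directory whose build (modified) time is
    # within an hour of its creation on disk. Files staged by Windows Update carry a build
    # time weeks older than the install time (compare msvcrt.dll in the sample below).
    if name.endswith(PE_EXT) and parent in SYSTEM_DIRS:
        delta = abs((e["created"] - e["modified"]).total_seconds())
        if delta <= 3600:
            reasons.append(REASON_FRESH_SYSTEM_BINARY)
    return reasons


def triage(log_lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsed line that trips at least one heuristic."""
    hits = []
    for line in log_lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


# Constructed sample: a handful of lines copied from the ComboFix log posted above,
# plus one section header to show that non-entry lines are skipped.
SAMPLE = [
    r"2012-02-28 20:52 . 2012-02-28 20:50 2926592 ----a-w- c:\windows\explorer.exe",
    r"2012-02-16 09:00 . 2012-02-16 10:00 -------- d--h--w- c:\users\USER\AppData\Roaming\40F20E61",
    r"2012-02-29 18:17 . 2012-03-01 20:02 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}",
    r"2012-02-16 08:33 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll",
    r"2012-02-13 22:57 . 2012-02-13 22:57 -------- d-----w- c:\program files (x86)\ExamDiff",
    r"((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A hit is a prompt for verification (signature check, sfc, a second opinion from the helper), not a verdict on its own.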
Old 03-08-2012, 07:10 PM   #5
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. :)

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
c:\users\USER\AppData\Roaming\40F20E61
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.

What issues remain?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 03-10-2012, 05:46 AM   #6
Registered Member
Join Date: Feb 2012
Posts: 15
OS: Vista SP2 x64

Hi, this is the new log:

ComboFix 12-03-08.03 - USER 03/10/2012 13:26:55.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2488 [GMT 1:00]
Running from: c:\users\USER\Downloads\Desktop\ComboFix.exe
Command switches used :: c:\users\USER\Downloads\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\USER\AppData\Roaming\40F20E61
c:\users\USER\AppData\Roaming\40F20E61\40F20E61.DAT.DAT
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 13:15 . 2012-03-10 13:15 -------- d-----w- c:\users\USER\AppData\Local\temp
2012-03-10 13:15 . 2012-03-10 13:15 -------- d-----w- c:\users\Tanya\AppData\Local\temp
2012-03-10 13:15 . 2012-03-10 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 18:10 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C17660-AE91-4324-BF8E-5CD342035B71}\mpengine.dll
2012-03-08 13:40 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2CB2F6E-1AD5-47D3-8ED8-CCF54E7F92A9}\mpengine.dll
2012-03-08 08:31 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3AF4FC6-1CAF-48BA-B8DF-01A270B4928B}\mpengine.dll
2012-03-07 08:00 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF63689A-7C1F-4D73-AE61-6389EFD6E394}\mpengine.dll
2012-03-07 07:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA7B400E-675C-448D-9ACD-0B54413B3DF5}\mpengine.dll
2012-03-06 17:20 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEA2CDF0-6F21-4934-B75C-DE2DDED6E5AF}\mpengine.dll
2012-03-06 08:22 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7455089-F2E4-4FD9-990C-71721BFEBE71}\mpengine.dll
2012-03-06 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F22D70A-5A3A-40A8-B658-171D666AABAD}\mpengine.dll
2012-03-05 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CC0CBD2-73F2-4FD5-8092-E8373FB7A471}\mpengine.dll
2012-03-05 08:15 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592CB4D-0460-4960-8BE7-E5EA242A8ECB}\mpengine.dll
2012-03-04 19:28 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C88D2A67-BD7F-4C69-AF32-A8E631C4D1C8}\mpengine.dll
2012-03-04 09:02 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FA475A2-C9EF-47CB-B4F6-0ADBA8D80A00}\mpengine.dll
2012-03-03 09:36 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4973ECD-4919-4B45-BB17-8BDE8C5D4062}\mpengine.dll
2012-03-03 09:24 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C3A2F44-02F6-468B-9C9A-7CD921FC0692}\mpengine.dll
2012-03-02 14:47 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3247C6B-6381-42C3-95C9-F644D0536587}\mpengine.dll
2012-03-02 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3E38653-079C-45E5-8AF2-8C2B427ABE03}\mpengine.dll
2012-03-02 08:16 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2728A91C-B193-4456-919B-69753F252DCA}\mpengine.dll
2012-03-01 19:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8B40331-D27B-4223-92E2-559F4EA21447}\mpengine.dll
2012-03-01 08:12 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37F6F236-B0E9-40E2-A6FD-4E304A0D8DDC}\mpengine.dll
2012-03-01 08:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AB76F41-DA54-42DE-97A0-D70D3C691BF4}\mpengine.dll
2012-02-29 19:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEB9976F-5C5A-4AA3-A676-778D00350DBF}\mpengine.dll
2012-02-29 19:45 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18FD06E4-71B0-4D3A-A93A-F94D4F940F03}\mpengine.dll
2012-02-29 18:17 . 2012-03-01 20:02 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-29 17:30 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F14D8C4E-8E12-4FA8-B147-5DC062CC71AD}\mpengine.dll
2012-02-29 08:11 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D59B9C63-1A10-4DEB-B351-0ADCFBD9A96F}\mpengine.dll
2012-02-29 07:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C8A9CFE-7877-4339-92D0-5E4CF96F8C08}\mpengine.dll
2012-02-28 23:56 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7CD9D61-FA85-4C49-93CC-A76D8712F7F6}\mpengine.dll
2012-02-28 21:59 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5090BFD1-7ED8-4E1B-9098-1382A67925DD}\mpengine.dll
2012-02-28 21:38 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{549C054D-A206-4B66-BE1D-ABC58D6873A8}\mpengine.dll
2012-02-28 20:52 . 2012-02-28 20:50 2926592 ----a-w- c:\windows\explorer.exe
2012-02-28 20:43 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35A8671F-EBBE-43BB-A663-E099D4F49900}\mpengine.dll
2012-02-28 20:38 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF003B98-7079-4DFE-862B-9033C33346A7}\mpengine.dll
2012-02-28 20:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96E5D4AF-50FB-4C6B-BCC0-6569BB925DD4}\mpengine.dll
2012-02-28 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{450ED12E-9EFB-49EA-826F-D6424E90302D}\mpengine.dll
2012-02-28 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9408F4C1-F124-4624-856D-AC1711BF1E41}\mpengine.dll
2012-02-27 12:35 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{272EBFBA-92DE-4CA0-B58A-F559BAA32451}\mpengine.dll
2012-02-27 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6B206E5-AA2F-4689-AF1A-9109FC1904E7}\mpengine.dll
2012-02-26 18:17 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FD5AA80-E688-41FB-A0D0-7ABA34317667}\mpengine.dll
2012-02-26 09:48 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9DC7A08-6FEE-4F01-942B-5CE2485DAF1F}\mpengine.dll
2012-02-25 10:25 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEEBC1F2-2A34-4824-81BE-002D2B049A01}\mpengine.dll
2012-02-25 10:08 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEA4D3A-3B9C-47EE-A26B-15E0EF860038}\mpengine.dll
2012-02-24 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C274FE30-6B35-46AC-B661-291B249600A1}\mpengine.dll
2012-02-24 08:05 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46544C68-C5BD-412C-ABBF-415A4490BC00}\mpengine.dll
2012-02-23 08:27 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{528E1AC4-7911-45F9-9CE3-605796062819}\mpengine.dll
2012-02-23 08:17 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9D557B2-6FDF-4B3A-8930-EEAFFA80A32E}\mpengine.dll
2012-02-22 16:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{237127AE-8170-4AB7-8AEF-7F61C73E00F4}\mpengine.dll
2012-02-22 08:09 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{159CE668-93B1-4354-84F5-9EB9BB8137FC}\mpengine.dll
2012-02-22 07:51 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E683AD40-CA27-4EA7-954F-492D941AB205}\mpengine.dll
2012-02-21 20:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DCF6D92-4CE0-41CA-A06A-3EF954EEE8B5}\mpengine.dll
2012-02-21 08:31 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4E71A40-281A-41D9-BC68-47B49C57C667}\mpengine.dll
2012-02-21 07:50 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33A8F774-84CA-4488-96F8-8C0F6144EDF3}\mpengine.dll
2012-02-20 08:44 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20E21215-05B5-419C-940E-6628DC77B4A6}\mpengine.dll
2012-02-20 08:21 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C69D46-71E1-485E-9D9B-0FA9C3EAECEB}\mpengine.dll
2012-02-20 08:10 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7113E8C4-2683-4D76-AEFD-659D89625C89}\mpengine.dll
2012-02-19 10:07 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85586509-34FC-414A-971C-436D5129C843}\mpengine.dll
2012-02-19 09:58 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{139E9C8B-A995-43B1-BCC8-E735CB4BCA03}\mpengine.dll
2012-02-18 10:50 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D152C53-FD14-4CFB-A432-14438B2187B1}\mpengine.dll
2012-02-18 10:40 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BB84A32-40B5-49D4-B54D-A50580C6A88B}\mpengine.dll
2012-02-17 17:22 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D860D58F-B1BA-4113-B6A4-A60DA3200735}\mpengine.dll
2012-02-17 08:53 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C7C4224-2EB9-41AE-A0B2-48FE3A5B2818}\mpengine.dll
2012-02-17 07:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4914DD6C-C582-42AA-99AE-A55EE108CA3A}\mpengine.dll
2012-02-16 15:48 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52D17325-8664-40AF-8410-3747CD5DF4DB}\mpengine.dll
2012-02-16 08:33 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 08:33 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-16 08:33 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 08:33 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 08:33 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 08:33 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 08:23 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CCF4134-7B63-48BB-8925-19F18C52207A}\mpengine.dll
2012-02-16 08:12 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDDA02D6-E2B3-44D0-B56F-317F0D44FC31}\mpengine.dll
2012-02-16 08:04 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04C49318-CAE1-406E-8FE3-4607EC988D80}\mpengine.dll
2012-02-15 07:58 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84D68DC6-7C62-46D7-A25C-6FB9B6485234}\mpengine.dll
2012-02-14 08:49 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7BFFBFD-4BB6-4ED5-8DE2-A6B66FF09278}\mpengine.dll
2012-02-14 08:29 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4F89E71-DEDC-4438-A3B3-921C959FA645}\mpengine.dll
2012-02-13 22:57 . 2012-02-13 22:57 -------- d-----w- c:\program files (x86)\ExamDiff
2012-02-13 09:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{047AD267-67CC-4213-947A-0AE1FABF5882}\mpengine.dll
2012-02-13 08:43 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52C31DD2-6138-40CF-BA1E-7F1EE0F2BF22}\mpengine.dll
2012-02-13 08:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA7ED60F-AD44-4597-9F76-8E704E15065A}\mpengine.dll
2012-02-12 22:14 . 2012-02-19 11:24 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-02-12 22:14 . 2012-02-19 11:24 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-12 22:14 . 2012-02-19 11:24 125912 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-02-12 22:14 . 2012-02-12 22:14 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-12 22:06 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99E83F23-4155-41ED-99B8-BE1EBDD88AD5}\mpengine.dll
2012-02-12 10:57 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29132A83-4393-4AAF-A5C2-2764373F9D76}\mpengine.dll
2012-02-12 09:40 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD6EC18-3B76-4D4D-9BF7-18B599AF2626}\mpengine.dll
2012-02-11 09:33 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{361263EB-BB85-4A6F-BE7D-B6561237AA85}\mpengine.dll
2012-02-11 09:16 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C43FA902-A75D-403B-8998-19A24ADC2EA6}\mpengine.dll
2012-02-10 18:09 . 2012-02-11 14:37 -------- d-----w- c:\users\USER\AppData\Roaming\WebMoney
2012-02-10 17:29 . 2012-02-10 17:29 -------- d-----w- c:\program files (x86)\WebMoney Agent
2012-02-10 17:28 . 2012-02-10 17:29 -------- d-----w- c:\program files (x86)\WebMoney
2012-02-10 08:03 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16271D40-9667-4840-8283-3A4C3EE251DF}\mpengine.dll
2012-02-10 07:51 . 2006-11-02 12:34 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B41CF10-D8C7-4D9A-891B-31BC0AD64423}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-11-15 16:23 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-21 14:23 . 2010-11-14 08:38 162680 ---ha-w- c:\users\USER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-01-17 02:02 . 2011-01-25 00:14 3514656 ----a-w- c:\program files (x86)\TeamViewer_Setup.exe
2010-04-21 15:56 . 2010-08-21 01:05 109056 ----a-w- c:\program files (x86)\SnapaShot.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-08_21.10.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-15 00:55 . 2012-03-08 20:25 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 16384 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 16384 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 00:55 . 2012-03-08 20:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-15 00:55 . 2012-03-10 12:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-08 08:31 . 2012-03-08 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-10 12:01 . 2012-03-10 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-08 08:31 . 2012-03-08 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-10 12:01 . 2012-03-10 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 20:25 . 2012-03-10 12:21 262144 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\IETldCache\index.dat
- 2012-03-08 20:25 . 2012-03-08 20:25 262144 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\IETldCache\index.dat
- 2012-03-08 20:25 . 2012-03-08 20:25 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-08 20:25 . 2012-03-10 12:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-15 22:10 . 2012-03-10 11:04 994736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-15 22:10 . 2012-03-07 23:32 994736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-12 14:27 . 2012-03-07 23:32 450096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-12 14:27 . 2012-03-10 11:04 450096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-10 10:23 . 2012-03-10 10:23 830976 c:\windows\Installer\88b3a.msi
+ 2011-10-21 23:51 . 2012-03-10 11:04 3378063 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-188522578-2200541752-3931843229-1000-12288.dat
- 2011-10-21 23:51 . 2012-03-07 23:32 3378063 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-188522578-2200541752-3931843229-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files (x86)\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YandexOnline"="c:\program files (x86)\Yandex\Online\online.exe" [2011-10-12 3866952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-02-04 93376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"wmagent.exe"="c:\program files (x86)\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
GoView.lnk - c:\users\USER\AppData\Roaming\Microsoft\Installer\{80FAACB3-635B-4BB0-B74E-E12F620FED98}\_C3AE839B4158555DDA870E.exe [2011-3-27 16958]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 986112 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 986112 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 986112 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com/
uSearchAssistant = hxxp://www.Google.com/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\razyuykm.default\
FF - prefs.js: browser.search.selectedEngine - chrome://browser-region/locale/region.properties
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=21979
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-188522578-2200541752-3931843229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6DB8945-7FC9-C98B-E500-EEB8BD8F607F}*]
"iadhboaefngmdadcga"=hex:6a,61,6f,67,69,68,69,6c,6b,67,69,6c,6c,63,6c,66,70,61,
69,6b,00,00
"hanhhepjepoghnpo"=hex:6a,61,6f,67,69,68,69,6c,6b,67,69,6c,6c,63,6c,66,70,61,
69,6b,00,00
"abpibohlgaaalbmhjgdiahnnfacbcmmbhp"=hex:61,61,00,00
"maoiicmcfebdchmoglhfbfbmaj"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4812)
c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Perforce\p4exp.dll
.
Completion time: 2012-03-10 14:41:46
ComboFix-quarantined-files.txt 2012-03-10 13:41
ComboFix2.txt 2012-03-08 21:36
.
Pre-Run: 907,251,712 bytes free
Post-Run: 976,662,528 bytes free
.
- - End Of File - - 8E290EE9AFABFBEA97B57F6B7E5711AA

As for the issues, everything remains the same; nothing seems to be fixed. Most often, Windows Explorer stops working when I delete some files from the Recycle Bin. This is 100% definite. Other occasions are random.
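The LOCKED REGISTRY KEYS section of the ComboFix log above prints REG_BINARY values as comma-separated hex, wrapped onto a second line when long (sometimes with a trailing backslash, sometimes without). The PowerShell below is an added example, not part of the thread and not ComboFix's own code: it parses that dump format, decodes each value and flags values that are really printable ASCII, which is what the four odd-named values under the Shell Extensions\Approved key turn out to be. The sample text is copied from the log above; the function and property names are this example's own.

```powershell
# Added example: parse the .reg-style hex dump ComboFix prints under
# "LOCKED REGISTRY KEYS" and decode each REG_BINARY value.
# Sample copied from the ComboFix log above (ComboFix wraps long hex lists
# onto a second line, with or without a trailing backslash).
$SampleDump = @'
[HKEY_USERS\S-1-5-21-188522578-2200541752-3931843229-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6DB8945-7FC9-C98B-E500-EEB8BD8F607F}*]
"iadhboaefngmdadcga"=hex:6a,61,6f,67,69,68,69,6c,6b,67,69,6c,6c,63,6c,66,70,61,
69,6b,00,00
"hanhhepjepoghnpo"=hex:6a,61,6f,67,69,68,69,6c,6b,67,69,6c,6c,63,6c,66,70,61,
69,6b,00,00
"abpibohlgaaalbmhjgdiahnnfacbcmmbhp"=hex:61,61,00,00
"maoiicmcfebdchmoglhfbfbmaj"=hex:61,61,00,00
'@

function Complete-RegValue {
    # Turn one collected value (key, name, joined hex list) into a result object.
    param([hashtable]$Value)
    $bytes = @($Value.Hex -split ',' | Where-Object { $_ -ne '' } |
               ForEach-Object { [Convert]::ToByte($_, 16) })
    # Drop trailing NUL terminators, then test whether the rest is printable ASCII.
    # A REG_BINARY that is really an ASCII string is a common malware tell.
    $end = $bytes.Count
    while ($end -gt 0 -and $bytes[$end - 1] -eq 0) { $end-- }
    $payload = @()
    if ($end -gt 0) { $payload = @($bytes[0..($end - 1)]) }
    $nonPrintable = @($payload | Where-Object { $_ -lt 0x20 -or $_ -gt 0x7e }).Count
    $decoded = '(binary)'
    if ($payload.Count -gt 0 -and $nonPrintable -eq 0) {
        $decoded = [System.Text.Encoding]::ASCII.GetString([byte[]]$payload)
    }
    New-Object PSObject -Property @{
        Key     = $Value.Key
        Name    = $Value.Name
        Bytes   = $bytes.Count
        Decoded = $decoded
        Starred = $Value.Key.EndsWith('*')   # trailing * exactly as ComboFix printed it
    }
}

function ConvertFrom-ComboFixRegDump {
    param([string]$Text)
    $results = @()
    $key = $null
    $pending = $null          # value whose hex list continues on the next line
    foreach ($raw in ($Text -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line -eq '.') { continue }
        if ($pending -ne $null) {
            $pending.Hex += $line.TrimEnd('\')
            if (-not ($line.EndsWith(',') -or $line.EndsWith('\'))) {
                $results += Complete-RegValue $pending
                $pending = $null
            }
            continue
        }
        if ($line -match '^\[(.+)\]$') { $key = $Matches[1]; continue }
        # "name"=hex:aa,bb,...   or   "name"=hex(6):...  (typed binary such as REG_LINK)
        if ($line -match '^"([^"]*)"=hex(\(\d+\))?:(.*)$') {
            $pending = @{ Key = $key; Name = $Matches[1]; Hex = $Matches[3].TrimEnd('\') }
            if (-not ($line.EndsWith(',') -or $line.EndsWith('\'))) {
                $results += Complete-RegValue $pending
                $pending = $null
            }
        }
        # strings, dwords and @Denied/@Allowed ACL lines are left alone here
    }
    if ($pending -ne $null) { $results += Complete-RegValue $pending }
    return $results
}

ConvertFrom-ComboFixRegDump $SampleDump |
    Format-Table Name, Bytes, Decoded, Starred -AutoSize
```

For the four values in the sample the function reports two 22-byte values that decode to jaogihilkgillclfpaik and two 4-byte values that decode to aa, all under a key ComboFix printed with a trailing asterisk. The whole LOCKED REGISTRY KEYS section can be pasted in place of the sample; the hex(6) REG_LINK value under HKLM\software\Wow6432Node\Classes is UTF-16 and is reported as (binary), which is expected.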
Old 03-10-2012, 06:48 AM   #7
Ried
Administrator; Management Team, Security Center & TSF Academy; Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit

Alright, let's see if we can get to the bottom of this. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Member of UNITE since 2006
Microsoft MVP - 2010, 2011, 2012, 2013, 2014
"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Old 03-10-2012, 03:31 PM   #8
majinsaha
Registered Member
Join Date: Feb 2012
Posts: 15
OS: Vista SP2 x64

This is the output. I hope it doesn't matter that my internet connection was breaking 2-3 times during the scan. Each time it resumed by itself, so I guess it was fine not to restart the process.

C:\Program Files (x86)\Acclaim\Mortal Kombat 4\mk4_trainer_p10.exe probably a variant of Win32/Agent.JSXWSKQ trojan
C:\Program Files (x86)\ICQ7.2\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 Win32/OpenCandy application
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-495d4f45 Java/TrojanDownloader.Agent.ME trojan
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-1657bfde probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-1a17a827 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-1e32f99d probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-2661d446 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-49f503da probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5c13e473 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\users\USER\Downloads\cnet_wgens099a_zip.exe a variant of Win32/InstallCore.D application
C:\users\USER\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\users\USER\Downloads\SoftonicDownloader_for_total-commander.exe a variant of Win32/SoftonicDownloader.C application
Old 03-10-2012, 07:36 PM   #9
Ried

The scan turned out fine, no need to re-do this.

None of those detections are serious nor would they be causing the issue with explorer. We'll take care of those detections in a bit. Right now, I'd like for you to download SystemLook x64 from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2


Double click SystemLook.exe and ok the prompt when Windows asks if you authorize this program.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Old 03-11-2012, 09:29 AM   #10
majinsaha

This is the log.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:20 on 11/03/2012 by USER
Administrator - Elevation successful
========== filefind ==========
Searching for "explorer.exe"
C:\windows\explorer.exe --a---- 2926592 bytes [20:52 28/02/2012] [20:50 28/02/2012] D07D4C3038F3578FFCE1C0237F2A1253
C:\windows\ERDNT\cache86\explorer.exe --a---- 2926592 bytes [21:17 08/03/2012] [20:50 28/02/2012] D07D4C3038F3578FFCE1C0237F2A1253
C:\windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe --a---- 3079168 bytes [12:55 18/09/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270
C:\windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe --a---- 2926592 bytes [12:54 18/09/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\windows\SysWOW64\explorer.exe --a---- 2926592 bytes [13:11 30/01/2011] [22:27 10/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe --a---- 3087360 bytes [23:32 28/01/2011] [06:15 29/10/2008] 50514057C28A74BAC2BD04B7B990D615
C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe --a---- 3086848 bytes [23:32 28/01/2011] [02:30 28/10/2008] 72B9990E45C25AA3C75C4FB50A9D6CE0
C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe --a---- 3080704 bytes [02:48 21/01/2008] [02:48 21/01/2008] F6D765FB6B457542D954682F50C26E4F
C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe --a---- 3080704 bytes [23:32 28/01/2011] [06:49 29/10/2008] BBD8E74F23D7605CB0CDB57A1B25D826
C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe --a---- 3081216 bytes [23:32 28/01/2011] [05:30 30/10/2008] E404A65EF890140410E9F3D405841C95
C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe --a---- 3079168 bytes [13:11 30/01/2011] [23:10 10/04/2009] 6B08E54A451B3F95E4109DBA7E594270
C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe --a---- 2923520 bytes [14:11 09/01/2009] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe --a---- 2923520 bytes [14:11 09/01/2009] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe --a---- 2927104 bytes [02:49 21/01/2008] [02:49 21/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe --a---- 2927104 bytes [14:11 09/01/2009] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe --a---- 2927616 bytes [14:11 09/01/2009] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe --a---- 2926592 bytes [13:11 30/01/2011] [22:27 10/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows.Vista2\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows.Vista2\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
-= EOF =-
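The SystemLook listing above gives size, timestamps and MD5 for every explorer.exe on the disk but leaves the comparison to the reader. On 64-bit Windows the native (amd64) build lives at C:\Windows\explorer.exe and the 32-bit (wow64) build at C:\Windows\SysWOW64\explorer.exe, so the live file should hash the same as the amd64_ component-store entry for the installed version. In the listing above, C:\windows\explorer.exe (2926592 bytes, D07D4C3038F3578FFCE1C0237F2A1253) has the size and hash of the wow64_...6.0.6002.18005 entry, while the amd64_...6.0.6002.18005 entry is 3079168 bytes with hash 6B08E54A451B3F95E4109DBA7E594270. The PowerShell below is an added example, not part of the thread and not SystemLook's code: it rebuilds the listing and performs that architecture-aware comparison automatically. It assumes Windows PowerShell 2.0 (the newest version available on Vista) and default paths; the function names are this example's own.

```powershell
# Added example: re-create SystemLook's ":filefind explorer.exe" listing and
# compare the live %windir%\explorer.exe with the copies the component store
# (WinSxS) holds for each architecture. Written for Windows PowerShell 2.0,
# so it avoids Get-FileHash and computes the MD5 through .NET, printed in
# the same uppercase format SystemLook uses.

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-ExplorerCopies {
    param([string]$WinDir = $env:windir)
    # Every explorer.exe under the Windows directory: the live copy, the
    # SysWOW64 copy, WinSxS side-by-side copies and Windows Update downloads.
    Get-ChildItem -Path $WinDir -Filter explorer.exe -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_.DirectoryName
            # Component-store directory names carry the architecture prefix.
            $arch = '(live)'
            if ($dir -match '\\amd64_microsoft-windows-explorer_')     { $arch = 'amd64' }
            elseif ($dir -match '\\wow64_microsoft-windows-explorer_') { $arch = 'wow64' }
            elseif ($dir -match '\\x86_microsoft-windows-explorer_')   { $arch = 'x86' }
            New-Object PSObject -Property @{
                Path    = $_.FullName
                Size    = $_.Length
                Version = $_.VersionInfo.FileVersion
                MD5     = Get-Md5Hex $_.FullName
                Arch    = $arch
            }
        }
}

function Test-LiveExplorer {
    param([string]$WinDir = $env:windir)
    $copies   = @(Get-ExplorerCopies -WinDir $WinDir)
    $livePath = Join-Path $WinDir 'explorer.exe'
    $live     = $copies | Where-Object { $_.Path -ieq $livePath }
    if (-not $live) { throw "no explorer.exe found at $livePath" }

    # On 64-bit Windows the file in %windir% must be the amd64 build; the
    # 32-bit build belongs in %windir%\SysWOW64 (the wow64_ store entry).
    # Check the OS, not the PowerShell process, which may itself be 32-bit.
    $is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
    $expected = if ($is64) { 'amd64' } else { 'x86' }

    $storeArchs = @($copies | Where-Object { $_.Arch -ne '(live)' -and $_.MD5 -eq $live.MD5 } |
                    ForEach-Object { $_.Arch } | Sort-Object -Unique)

    if ($storeArchs -contains $expected) {
        "OK: $livePath ($($live.MD5), $($live.Size) bytes) matches the $expected store copy"
    } elseif ($storeArchs.Count -gt 0) {
        "MISMATCH: $livePath ($($live.MD5)) matches only the $($storeArchs -join ', ') store copy; expected $expected"
    } else {
        # No store copy matches: a newer update, or a file from outside Windows.
        # Get-AuthenticodeSignature only checks embedded signatures, so catalog-
        # signed OS binaries report NotSigned on older PowerShell; the hash
        # comparison above is the reliable check on Vista.
        $sig = (Get-AuthenticodeSignature $livePath).Status
        "UNKNOWN: $livePath ($($live.MD5)) matches no WinSxS copy; Authenticode status: $sig"
    }
}

Get-ExplorerCopies | Sort-Object Arch, Version, Path |
    Format-Table Arch, Version, Size, MD5, Path -AutoSize
Test-LiveExplorer
```

Run it from an elevated prompt so the whole of WinSxS can be read. Against the listing above it would print MISMATCH, because the live file's hash is found only under a wow64_ entry. Whatever it reports, the supported way to put a system binary back is sfc or a repair install, not a copy of explorer.exe downloaded from a third-party site.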
Old 03-12-2012, 08:27 PM   #11
Ried

This is the proper explorer.exe. I've spent a lot of time researching your issue and the general consensus for the explorer.exe error code is that it's driver related.

You mentioned that explorer works fine in safe mode, which would then indicate a 3rd party driver that does not load in Safe Mode, but does in Normal Mode.

What's going on with Microsoft 6to4 Adapter? I see hundreds of entries for this device being disabled.
Quote:
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0155
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #144
PNP Device ID: ROOT\*6TO4MP\0155
Service: tunnel
I also do not see an Anti Virus program installed. Did you have an AV when you got infected? If so, which Anti Virus program was it?

In the meantime, let's get one installed immediately. I would recommend Microsoft Security Essentials. It includes Windows Defender, which would resolve the issues you're having downloading updated definitions for it.

Download via the link I gave you above. Install, update definitions, and run a full system scan. Let me know if it found anything.
Old 03-14-2012, 01:49 PM   #12
majinsaha

I do not know anything about Microsoft 6to4 Adapter. I have no clue what actually it's responsible for so I cannot answer your question.

I do not remember if I have any AV or not. Probably not.

I will install the one you mentioned and will tell you how it went right away.
Old 03-18-2012, 08:22 AM   #13
majinsaha

I tried to scan my computer using Microsoft Security Essentials, as you said. It only did a partial job and stopped. It says "The program's service has stopped". I tried several times with the same outcome.
Does this have anything to do with those definitions you were talking about? I don't remember doing something resembling updating definitions, in my opinion. Don't know how to do it.
Old 03-19-2012, 05:53 PM   #14
Ried

I don't know why it's doing that. Uninstall MSE and see if you have better luck with Avast Anti Virus program. Download the free version from here http://www.avast.com/eng/download-avast-home.html

Let me know how that works out for you and if it detected anything.
Old 03-21-2012, 03:34 PM   #15
majinsaha

How should I uninstall MSE if my Control Panel is almost empty? The folder of MSE has no uninstall files either.
Old 03-22-2012, 06:36 PM   #16
Ried

Sorry, I did forget about that. Download SystemLook 64-bit from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2


Right click SystemLook.exe and run as administrator.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Old 03-30-2012, 09:29 AM   #17
majinsaha

Here is the output:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:28 on 30/03/2012 by USER
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load]
"hdwwiz.cpl"=""
"appwiz.cpl"=""
"ncpa.cpl"=""
"sysdm.cpl"=""
"desk.cpl"=""
"Firewall.cpl"=""
"powercfg.cpl"=""
"infocardcpl.cpl"=""
"bthprops.cpl"=""


-= EOF =-

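Each value name under the "don't load" key is a Control Panel applet (.cpl file) that Control Panel skips, which is why the panel looks almost empty and why MSE could not be uninstalled through it: the nine entries listed above hide, among others, Programs and Features (appwiz.cpl), Windows Firewall (Firewall.cpl), System (sysdm.cpl) and Network Connections (ncpa.cpl). The PowerShell below is an added example, not part of the thread and not SystemLook's code: it lists the hidden applets from the machine-wide key and the current user's equivalent, checks whether each named .cpl actually exists in System32, and removes the entries on request. It assumes an elevated Windows PowerShell 2.0 or later prompt; the function names are this example's own.

```powershell
# Added example: enumerate and clear the "don't load" entries that hide
# Control Panel applets. Each value name under the key is a .cpl file that
# Control Panel will not show. Run from an elevated prompt.

$DontLoadKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Control Panel\don't load"
)

function Get-HiddenApplets {
    param([string[]]$Keys = $DontLoadKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }            # the key's (Default) value
            $cplPath = Join-Path $env:windir "System32\$name"
            New-Object PSObject -Property @{
                Key    = $key
                Applet = $name
                Exists = Test-Path -LiteralPath $cplPath   # False for a made-up applet name
                Value  = $item.GetValue($name)
            }
        }
    }
}

function Remove-HiddenApplets {
    param([string[]]$Keys = $DontLoadKeys, [switch]$WhatIf)
    foreach ($entry in @(Get-HiddenApplets -Keys $Keys)) {
        if ($WhatIf) {
            "Would remove '$($entry.Applet)' from $($entry.Key)"
            continue
        }
        Remove-ItemProperty -LiteralPath $entry.Key -Name $entry.Applet
        "Removed '$($entry.Applet)' from $($entry.Key)"
    }
}

# Review the list first, then rerun without -WhatIf to delete the entries.
Get-HiddenApplets | Format-Table Applet, Exists, Value, Key -AutoSize
Remove-HiddenApplets -WhatIf
```

Review the list before deleting: an entry you or an administrator placed deliberately (the user key is also where the "Hide specified Control Panel items" policy writes) should stay. After the entries are removed, close and reopen Control Panel; no reboot is needed for the applets to reappear.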
All times are GMT -7.
Copyright 2001 - 2014, Tech Support Forum