Osborne

Everything posted by Osborne

  1. Everything is up to date; Adobe global didn't find any new updates.
  2. Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 8 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG Anti-Virus Free Edition 2013
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Java 6 Update 37
     Java version out of Date!
     Adobe Flash Player 11.4.402.287
     Flash Player out of Date!
     Adobe Reader 9
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Spybot Teatimer.exe is disabled!
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. C:\ProgramData\Microsoft\Windows\DRM\3D5D.tmp.dat  a variant of Win32/Kryptik.AOHY trojan
     C:\ProgramData\Microsoft\Windows\DRM\4AFA.tmp.dat  a variant of Win32/Kryptik.AOHY trojan
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip  Win32/Bagle.gen.zip worm
     C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip  Win32/Bagle.gen.zip worm
     C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\3D9E.tmp.vir  a variant of Win32/Kryptik.AOHY trojan
     C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0000.dta  a variant of Win32/Olmarik.AYI trojan
     C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0001.dta  a variant of Win64/Olmarik.AM trojan
     C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0002.dta  a variant of Win32/Rootkit.Kryptik.PR trojan
     C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0003.dta  Win64/Olmarik.AN trojan
     C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0007.dta  Win32/Olmarik.AFK trojan
     C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0008.dta  Win64/Olmarik.AK trojan
     C:\Users\All Users\Microsoft\Windows\DRM\3D5D.tmp.dat  a variant of Win32/Kryptik.AOHY trojan
     C:\Users\All Users\Microsoft\Windows\DRM\4AFA.tmp.dat  a variant of Win32/Kryptik.AOHY trojan
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip  Win32/Bagle.gen.zip worm
     C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip  Win32/Bagle.gen.zip worm
  4. Computer looks to be working well. ESET showed a bunch of things when it was up, 29 files; not sure what those were.
  5. This is all that was in the log file:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
  6. All processes killed
     ========== OTL ==========
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     User: Tori
     ->Temp folder emptied: 277470 bytes
     ->Temporary Internet Files folder emptied: 3891070 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 506 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 48240684 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 50.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 11252012_094205
     Files\Folders moved on Reboot...
     C:\Users\Tori\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File\Folder C:\Users\Tori\AppData\Local\Temp\~DF0833C54F19DF44DF.TMP not found!
     File\Folder C:\Users\Tori\AppData\Local\Temp\~DF448521B2AB196B74.TMP not found!
     File\Folder C:\Users\Tori\AppData\Local\Temp\~DF4983D57CD1A4C179.TMP not found!
     File\Folder C:\Users\Tori\AppData\Local\Temp\~DF751A6C17379F6BCC.TMP not found!
     File\Folder C:\Users\Tori\AppData\Local\Temp\~DFA3576DE00665146B.TMP not found!
     File\Folder C:\Users\Tori\AppData\Local\Temp\~DFBCD02F5DBE94A3E1.TMP not found!
     C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UN5JHPZ6\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
     C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC6IVYPF\index[2].htm moved successfully.
     C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B0DM0TK3\fastbutton[1].htm moved successfully.
     C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
     C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  7. Neither of these is showing in my Remove Programs in Control Panel, so I am going ahead with the OTL fix.
  8. OTL logfile created on: 11/24/2012 7:17:02 PM - Run 1
     OTL by OldTimer - Version 3.2.69.0  Folder = C:\Users\Tori\Desktop
[2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END [2012/11/08 18:49:28 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/11/08 18:41:39 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys ========== Files Created - No Company Name ========== [2012/11/20 06:37:53 | 000,059,147 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip [2012/11/20 06:29:59 | 002,195,061 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskiller.zip [2012/11/19 18:26:14 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini [2012/11/08 20:02:39 | 000,001,242 | ---- | C] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/11/08 20:02:39 | 000,001,218 | ---- | C] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk [2012/11/08 19:56:32 | 000,000,009 | ---- | C] () -- C:\END [2012/11/05 18:57:06 | 245,366,635 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/10/02 17:49:23 | 000,001,854 | ---- | C] () -- C:\Users\Tori\AppData\Roaming\GhostObjGAFix.xml ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
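The report above is the kind of OTL output a responder reads for a handful of hijack shapes, so here is an added example that runs those checks over OTL-shaped lines. It is not OTL's code and not code from the poster. It flags: a binary such as svchost.exe created outside System32 (the "Created Within 30 Days" section above records one at C:\Windows\svchost.exe, and the Extras log further down shows svchost.exe crashing from \\.\globalroot\systemroot\svchost.exe, which resolves to that same path); Winlogon Shell or UserInit values carrying an extra entry; exefile/comfile [open] commands that are not the stock "%1" %*; DHCP resolvers outside the set you expect on that network (the 75.75.75.75 / 75.75.76.76 pair from the O17 lines is used as the expected set); and an InProcServer32 default value under HKCU for the CLSIDs that OTL's ZeroAccess Check enumerates. OTL prints those HKCU key headers even when the key is empty, as in the report above where no value follows them, so only a value line under an HKCU header counts. The sample lines are constructed: the clean ones copy shapes from the report, and the hijack shapes, including the paths C:\ProgramData\update.exe, C:\ProgramData\ldr.exe and C:\Users\Public\n.dll and the resolver 203.0.113.53, are invented for the example. The function names triage and is_system_path are mine.

```python
r"""Triage checks over OTL-style log lines.

Added example for this thread: not OTL's code and not code from the poster. The sample
lines copy the shape of the report above; the hijack shapes, the paths C:\ProgramData\update.exe,
C:\ProgramData\ldr.exe and C:\Users\Public\n.dll and the resolver 203.0.113.53 are constructed.
"""
import ntpath
import re

# Where Windows' own binaries live; OTL prints the 64-bit System32 as SysNative.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
# Binaries that should never exist anywhere else (a copy in C:\Windows itself is a classic drop).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe", "userinit.exe"}
# The four CLSIDs OTL enumerates in its "ZeroAccess Check" section.
WATCHED_CLSIDS = {"{42aedc87-2188-41fd-b9a3-0c966feabec1}", "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
                  "{5839fca9-774d-42a1-acda-d6a79037f57f}", "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}"}
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
STOCK_OPEN_CMD = '"%1" %*'  # exefile/comfile [open] on an untouched machine

FILE_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| \S+ \| [CM]\] \(.*?\) -- (.+)$")
WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ")
ASSOC_RE = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.+(\S+) \[[^\]]*\] -- (.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*?(\{[0-9a-fA-F-]{36}\})\\InProcServer32\]")
SERVER_RE = re.compile(r'^"" = (.+?) -- \[')  # the default value OTL prints under a key header


def is_system_path(path):
    # OTL leaves %SystemRoot% / %SystemDrive% unexpanded in some entries; normalise before comparing.
    low = path.lower().replace("%systemroot%", "c:\\windows").replace("%systemdrive%", "c:")
    return low.startswith(SYSTEM_DIRS)


def triage(lines, expected_dns=frozenset()):
    """Return (check, detail) findings for OTL lines; expected_dns is the resolver set DHCP
    should hand out on that network (leave it empty to skip the O17 check)."""
    findings = []
    key_root = key_clsid = None  # hive and CLSID of the last [HKEY_...\InProcServer32] header
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:  # "Files/Folders - Created/Modified" entries
            stamp, path = m.groups()
            if ntpath.basename(path).lower() in SYSTEM32_ONLY and not is_system_path(path):
                findings.append(("system-binary-outside-system32", f"{path} ({stamp})"))
            continue
        m = WINLOGON_RE.match(line)
        if m:  # O20: every comma-separated entry must be the stock binary
            value, listed = m.groups()
            for entry in (e.strip() for e in listed.split(",") if e.strip()):
                if ntpath.basename(entry).lower() != EXPECTED_WINLOGON[value]:
                    findings.append((f"winlogon-{value.lower()}-extra-entry", entry))
            continue
        m = ASSOC_RE.match(line)
        if m:  # O35/O37: anything prepended to "%1" %* runs before every .exe/.com
            ext, command = m.groups()
            if command.strip() != STOCK_OPEN_CMD:
                findings.append(("file-association-hijack", f"{ext}: {command}"))
            continue
        m = DNS_RE.search(line)
        if m:  # O17: resolvers the DHCP server should not be handing out
            for server in m.group(1).split():
                if expected_dns and server not in expected_dns:
                    findings.append(("unexpected-dns-server", server))
            continue
        m = KEY_RE.match(line)
        if m:  # OTL prints the header even when the key holds no value, so only remember it
            key_root, key_clsid = m.group(1), m.group(2).lower()
            continue
        m = SERVER_RE.match(line)
        if m and key_clsid in WATCHED_CLSIDS:
            path = m.group(1)
            if key_root == "HKEY_CURRENT_USER":  # per-user COM override of a system CLSID
                findings.append(("per-user-com-override", f"{key_clsid} -> {path}"))
            elif not is_system_path(path):
                findings.append(("inprocserver32-outside-system-dirs", f"{key_clsid} -> {path}"))
    return findings


SAMPLE_LOG = [  # constructed; the first eight lines mirror clean shapes from the report above
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r"[2012/11/19 18:53:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64",
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64",
    r'"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)',
    # the svchost.exe copy is in the report above; the remaining lines are constructed hijack shapes
    r"[2012/11/19 19:10:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe",
    r"O20 - HKLM Winlogon: UserInit - (userinit.exe,C:\ProgramData\update.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)",
    r'O37 - HKLM\...exe [@ = exefile] -- "C:\ProgramData\ldr.exe" "%1" %*',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 75.75.75.75 203.0.113.53",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64",
    r'"" = C:\Users\Public\n.dll -- [2012/11/19 19:10:47 | 000,040,960 | ---- | M] ()',
]

if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG, expected_dns={"75.75.75.75", "75.75.76.76"}):
        print(f"{check:36} {detail}")
```

To use it on a real case, pass the lines of a saved OTL.txt to triage() with the resolvers your ISP or router actually hands out. The checks are deliberately shape-based on OTL's text and assume the Windows 7 x64 layout the report shows (SysNative for the 64-bit System32); a hit is a lead to verify against the file on disk and its signature, not a verdict on its own.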
  9. All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Tori
->Temp folder emptied: 16027337 bytes
->Temporary Internet Files folder emptied: 159191783 bytes
->Java cache emptied: 121453223 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14873308 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 297.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_091852
Files\Folders moved on Reboot...
C:\Users\Tori\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF3CB14A816DE59A05.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF609B28502E5FC1E7.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF8B97EB5F5D57F59C.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF9870E9BBBF0E8CDB.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DFB10E5A5979265E93.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DFDF0CD20025D01F69.TMP not found!
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVQDQYSV\index[2].htm moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVQDQYSV\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\99R4INPC\fastbutton[2].htm moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Not sure I ran this correctly. Internet is working properly from what I can tell, and this thing seems to be in working order in other areas too.
  10. Restored to before ComboFix was run; internet is back up.
  11. Internet is non-existent at the moment. I am receiving the error "Windows could not automatically detect this network's proxy settings".
  12. OTL Extras logfile created on: 11/22/2012 9:28:53 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tori\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.61% Memory free 5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 281.57 Gb Total Space | 225.15 Gb Free Space | 79.96% Space Free | Partition Type: NTFS Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive F: | 1.92 Gb Total Space | 1.21 Gb Free Space | 63.19% Space Free | Partition Type: FAT Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0405261C-D4F2-4233-A20F-F78842AEB7BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{465E45A9-78B2-440B-AB01-64A16017C52A}" = lport=2869 | protocol=6 | dir=in | app=system | "{4DA4FEA8-89D1-4FA7-B5D1-A7D793683367}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09804204-2350-455E-86DC-2FAA82565AA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0D1D17AF-A0BD-41DE-A747-B47D143132BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{10E64BF6-71FE-4B92-BFF4-128D348F8903}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{29D7BF1B-6E51-452C-B760-2F529145FCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{3622B9D8-8BE5-4CEA-B5A8-70DF4CA3C71A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | "{36566958-5B85-4E0F-A545-EDD7D13D7B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{3960F17E-4C32-4587-94E9-F7BBB885237E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{3ACD984F-FF22-4A55-83BF-D55CBF8E37CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3B2B585F-746C-4F32-A938-1EC841F40276}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{62AFAE04-0262-417D-BE45-436B8B57D8A3}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | "{66BDCFEF-B14F-40AD-B98D-F3A79712D708}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{74220436-65C2-4CB8-A07E-FB15FA235E41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{777BD7A2-107F-4D48-AF0F-67F8280C605D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | "{80391900-E59E-4645-8428-36B7FA4F9EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{82A12316-05E6-4075-9DAD-62E741E346A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{A6D8843F-8BC7-43BA-B373-7BC80949A258}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{B44A67AB-1BDB-4520-AB43-326887598381}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{B57D7162-888C-473E-A8CB-99388F02B878}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | "{CBAF7CD0-30AE-4578-98BF-27B55BF377EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{CF60C60C-A593-438A-AB5D-CD1C03E59910}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{D649C596-E7E7-4BC0-83AC-9C44BBECCA75}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{E6534443-29CF-4DAE-8DAC-94CF5F16A975}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F22F0AE4-879F-4B1F-92F7-2FE8A5CA706D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{FC9B6BDA-0138-45F3-A938-A7F6C13A0D50}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | ========== HKEY_LOCAL_MACHINE 
Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant "{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013 "{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64 "{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai "{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish "{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0 "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional "{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean 
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation "{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office 
Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish "{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live 
Messenger
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WinLiveSuite_Wave3" = Windows Live Essentials


========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2012 6:30:57 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000420
Fault offset: 0x00013ce2
Faulting process id: 0xa84
Faulting application start time: 0x01cdb601acc85b05
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: unknown
Report Id: 4e98d8d5-2218-11e2-8342-60eb695e33d6

Error - 10/29/2012 8:12:57 PM | Computer Name = Tori-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 384
Start Time: 01cdb632c67758e9
Termination Time: 47
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 86e04ccd-2226-11e2-a2d0-60eb695e33d6

Error - 10/29/2012 8:21:29 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x001faf9c
Faulting process id: 0x6a0
Faulting application start time: 0x01cdb626d2dbf875
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: bf832081-2227-11e2-a2d0-60eb695e33d6

Error - 10/30/2012 8:23:34 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x00209661
Faulting process id: 0xfb4
Faulting application start time: 0x01cdb6fc39cbc239
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: 3480163a-22f1-11e2-a80f-60eb695e33d6

Error - 10/30/2012 8:30:31 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x001faf9c
Faulting process id: 0x83c
Faulting application start time: 0x01cdb6fe3169f72a
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: 2cf99031-22f2-11e2-a80f-60eb695e33d6

Error - 10/30/2012 8:42:58 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x16f4
Faulting application start time: 0x01cdb6ff09d8c6b9
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: e9fce34c-22f3-11e2-a80f-60eb695e33d6

Error - 10/30/2012 8:57:47 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00032949
Faulting process id: 0x48c
Faulting application start time: 0x01cdb700e12127d8
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: fc294f22-22f5-11e2-a80f-60eb695e33d6

Error - 10/30/2012 9:09:11 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x001faf9c
Faulting process id: 0xf10
Faulting application start time: 0x01cdb702cfb941f8
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: 93df9ab4-22f7-11e2-a80f-60eb695e33d6

Error - 10/30/2012 9:54:37 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x001d4226
Faulting process id: 0xd38
Faulting application start time: 0x01cdb6fc242bb11c
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: ecb38817-22fd-11e2-a80f-60eb695e33d6

Error - 10/31/2012 7:19:26 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Exception code: 0xc0000005
Fault offset: 0x001d4226
Faulting process id: 0xeb4
Faulting application start time: 0x01cdb7bd7fcff57d
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: 69526a34-23b1-11e2-8166-60eb695e33d6

[ Hewlett-Packard Events ]
Error - 9/16/2012 4:46:11 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/16/2012 4:46:26 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/16/2012 4:46:37 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/30/2012 6:01:55 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/14/2012 6:56:04 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]
Message: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.
StackTrace: Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()
Source: mscorlib
Name: HPSF.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Format: en-US
RAM: 2810
Ram Utilization: 40
TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)

Error - 10/14/2012 6:56:07 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 10/28/2012 5:15:57 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/28/2012 5:24:40 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/11/2012 7:47:18 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 2810
Ram Utilization: 30
TargetSite: Void UpdateAndDetect()

Error - 11/13/2012 7:43:09 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: en-US
RAM: 2810
Ram Utilization:
TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]
Error - 12/20/2010 6:40:23 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Boolean getObject)
at System.Management.ManagementBaseObject.get_Properties()
at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/20/2010 6:40:29 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Boolean getObject)
at System.Management.ManagementBaseObject.get_Properties()
at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/20/2010 6:40:34 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Boolean getObject)
at System.Management.ManagementBaseObject.get_Properties()
at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/20/2010 6:40:39 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Boolean getObject)
at System.Management.ManagementBaseObject.get_Properties()
at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 9/11/2011 7:25:04 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio)
at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 1/15/2012 3:44:30 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/24/2012 12:52:36 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio)
at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/3/2012 7:02:24 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException
Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio)
at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/5/2012 8:46:34 PM | Computer Name = Tori-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException
Application.ApplicationStartup; failed to create hardware layer
Error in the application.
at HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)
at HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)
at HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)

Error - 11/5/2012 8:46:38 PM | Computer Name = Tori-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

[ System Events ]
Error - 11/22/2012 3:14:19 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error - 11/22/2012 3:15:27 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 11/22/2012 3:15:36 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the following error: %%31

Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000
Description = The HP Wireless Assistant Service service failed to start due to the following error: %%31

Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000
Description = The RtVOsdService Installer service failed to start due to the following error: %%31

Error - 11/22/2012 3:37:02 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 11/22/2012 3:38:04 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 11/22/2012 3:38:13 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 11/22/2012 11:25:00 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: %%1058


< End of report >
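Added example (editor's, not part of this post, and not code from OTL or any other tool shown in it): the detail in the Application Events above that deserves a check is the faulting application path. The genuine service host is C:\Windows\System32\svchost.exe (C:\Windows\SysWOW64 for the 32-bit copy); a path under \\.\globalroot\ is the NT object-manager namespace, which a normally launched program is not reported under, and a service host faulting inside mshtml.dll, Internet Explorer's rendering engine, is not a normal combination either. The script parses Application Error (ID 1000) entries in the layout OTL prints and flags both conditions. The sample records are constructed for the example (modelled on the post's format, with a made-up machine name and report IDs), and the table of expected image directories is an assumption for a 64-bit Windows 7 install.

```python
"""Flag suspicious 'Application Error' (Event ID 1000) records from an OTL log.
Added example for this thread, not code from OTL or any tool shown here. It flags a
faulting process reported under the NT object-manager namespace (globalroot paths)
or outside its expected directory, and svchost.exe faulting inside mshtml.dll."""
import re
from dataclasses import dataclass

# Assumption for this example: where the genuine binary lives on 64-bit Windows 7.
EXPECTED_IMAGE_DIRS = {"svchost.exe": {"c:\\windows\\system32", "c:\\windows\\syswow64"}}
# Object-namespace prefixes: same file as the Win32 path, but a process started the
# ordinary way is not reported under them.
SUSPICIOUS_PREFIXES = ("\\\\.\\globalroot\\", "\\\\?\\globalroot\\", "\\device\\")

@dataclass
class CrashRecord:
    timestamp: str
    app_name: str
    app_path: str
    module_name: str
    module_path: str

HEADER_RE = re.compile(r"^Error - (\S+ \S+ [AP]M) \|.*\| Source = Application Error \| ID = 1000")
FIELD_RES = {
    "app_name": re.compile(r"Faulting application name:\s*([^,]+),"),
    "app_path": re.compile(r"Faulting application path:\s*(.+)"),
    "module_name": re.compile(r"Faulting module name:\s*([^,]+),"),
    "module_path": re.compile(r"Faulting module path:\s*(.+)"),
}

def parse_records(text):
    """Split OTL-style event output into CrashRecord objects (ID 1000 entries only)."""
    starts = [m.start() for m in re.finditer(r"(?m)^Error - ", text)]
    records = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        chunk = text[begin:end]
        header = HEADER_RE.match(chunk)
        if header is None:
            continue  # hangs (ID 1002), SCM errors and so on are not crash records
        fields = {k: (m.group(1).strip() if (m := rx.search(chunk)) else "")
                  for k, rx in FIELD_RES.items()}
        records.append(CrashRecord(timestamp=header.group(1), **fields))
    return records

def assess(rec):
    """Return the reasons a record looks suspicious; an empty list means clean."""
    reasons = []
    name, path = rec.app_name.lower(), rec.app_path.lower()
    directory = path.rsplit("\\", 1)[0] if "\\" in path else ""
    if path.startswith(SUSPICIOUS_PREFIXES):
        reasons.append(f"{rec.app_name} reported under object-namespace path {rec.app_path}")
    elif name in EXPECTED_IMAGE_DIRS and directory not in EXPECTED_IMAGE_DIRS[name]:
        reasons.append(f"{rec.app_name} running from unexpected location {rec.app_path}")
    if name == "svchost.exe" and rec.module_name.lower() == "mshtml.dll":
        reasons.append("svchost.exe faulted inside mshtml.dll (IE rendering engine in a service host)")
    return reasons

def triage(text):
    """Map timestamp -> reasons for every Application Error record that is not clean."""
    return {r.timestamp: why for r in parse_records(text) if (why := assess(r))}

# Constructed sample in OTL's layout (made-up machine name and report IDs). The first
# record mirrors the pattern in the post above; the others are benign or not ID 1000.
SAMPLE_LOG = r"""Error - 10/29/2012 8:21:29 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: 00000000-0000-0000-0000-000000000001

Error - 10/29/2012 8:12:57 PM | Computer Name = EXAMPLE-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed.

Error - 10/30/2012 9:54:37 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17940, time stamp: 0x5037b0d7
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report Id: 00000000-0000-0000-0000-000000000002

Error - 10/30/2012 8:42:58 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\System32\ntdll.dll
Report Id: 00000000-0000-0000-0000-000000000003
"""

if __name__ == "__main__":
    for when, reasons in triage(SAMPLE_LOG).items():
        print(when, *("\n  - " + r for r in reasons))
```

Run it as a script to print the flagged entries, or call triage() on the text of an OTL "Last 20 Event Log Errors" section. It is a triage aid, not proof of infection: confirm what is actually on disk and in the process list before acting on a hit.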
  13. OTL logfile created on: 11/22/2012 9:28:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tori\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.61% Memory free
5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.57 Gb Total Space | 225.15 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.92 Gb Total Space | 1.21 Gb Free Space | 63.19% Space Free | Partition Type: FAT

Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 21:26:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 10:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 18:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/29 15:09:13 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 17:10:41 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 11:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 10:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C3B83978-82ED-403B-82FB-6BEC1FB8D718}
IE - HKCU\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C3B83978-82ED-403B-82FB-6BEC1FB8D718}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012/06/23 17:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/04/28 15:45:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/05/05 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} O1 HOSTS File: ([2012/11/22 13:15:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - 
{5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 10.107.128.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - 
(Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/22 21:26:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe [2012/11/22 13:36:40 | 019,637,880 | ---- | C] (Mozilla) -- C:\Users\Tori\Desktop\Firefox Setup 17.0.exe [2012/11/22 13:20:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/22 13:15:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/11/20 06:30:35 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04695815.sys [2012/11/20 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Tori\Desktop\tdsskiller [2012/11/20 06:08:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/20 06:08:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/20 06:08:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/20 06:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/20 06:08:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/20 06:06:15 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Tori\Desktop\ComboFix.exe [2012/11/19 22:16:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Tori\Desktop\dds.scr [2012/11/19 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Tori\AppData\Roaming\Malwarebytes [2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/19 22:15:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/19 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/19 21:53:48 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/11/19 21:13:26 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys [2012/11/19 20:44:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/11/19 
18:53:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/19 18:53:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/08 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/11/08 19:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper1.5 [2012/11/08 18:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/10/29 12:11:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/10/29 12:00:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/10/24 17:04:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/24 17:04:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/10/24 17:04:11 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/10/24 17:04:11 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/10/24 17:02:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/24 17:02:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll ========== Files - Modified Within 30 Days ========== [2012/11/22 21:26:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe [2012/11/22 21:25:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTori.job [2012/11/22 21:25:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/22 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/22 15:13:25 | 000,023,248 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/22 15:13:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/22 13:37:55 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys [2012/11/22 13:35:14 | 019,637,880 | ---- | M] (Mozilla) -- C:\Users\Tori\Desktop\Firefox Setup 17.0.exe [2012/11/22 13:33:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/22 13:33:58 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/22 13:33:58 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/22 13:15:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/20 06:37:53 | 000,059,147 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip [2012/11/20 06:30:35 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04695815.sys [2012/11/20 06:22:22 | 000,543,531 | ---- | M] () -- C:\Users\Tori\Desktop\adwcleaner.exe [2012/11/20 06:06:19 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Tori\Desktop\ComboFix.exe [2012/11/19 22:26:25 | 000,425,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/19 22:16:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Tori\Desktop\dds.scr [2012/11/19 22:15:31 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/19 21:13:26 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys [2012/11/19 20:27:56 | 002,195,061 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskiller.zip [2012/11/19 19:13:00 | 245,366,635 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/19 19:02:47 | 000,000,133 | ---- | M] () -- C:\Windows\wininit.ini [2012/11/08 20:02:39 | 000,001,242 | ---- | M] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/11/08 20:02:39 
| 000,001,218 | ---- | M] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk [2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END [2012/11/08 18:49:28 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2012/11/20 06:37:53 | 000,059,147 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip [2012/11/20 06:29:59 | 002,195,061 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskiller.zip [2012/11/20 06:22:22 | 000,543,531 | ---- | C] () -- C:\Users\Tori\Desktop\adwcleaner.exe [2012/11/20 06:08:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/20 06:08:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/20 06:08:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/20 06:08:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/20 06:08:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/19 22:15:31 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/19 18:26:14 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini [2012/11/08 20:02:39 | 000,001,242 | ---- | C] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/11/08 20:02:39 | 000,001,218 | ---- | C] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk [2012/11/08 19:56:32 | 000,000,009 | ---- | C] () -- C:\END [2012/11/05 18:57:06 | 245,366,635 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/10/02 17:49:23 | 000,001,854 | ---- | C] () -- C:\Users\Tori\AppData\Roaming\GhostObjGAFix.xml ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/11/20 06:22:45 | 000,006,263 | ---- | M] () -- C:\AdwCleaner[R1].txt [2012/11/21 06:33:34 | 000,003,174 | ---- | M] () -- C:\AdwCleaner[s1].txt [2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2012/11/22 13:20:26 | 000,066,730 | ---- | M] () -- C:\ComboFix.txt [2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END [2012/11/22 13:37:55 | 2210,582,528 | -HS- | 
M] () -- C:\hiberfil.sys [2012/11/22 13:37:55 | 2947,444,736 | -HS- | M] () -- C:\pagefile.sys [2012/01/29 15:10:04 | 000,000,085 | ---- | M] () -- C:\SYNTPAD.LOG [2012/11/19 20:39:50 | 000,007,102 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.39.05_log.txt [2012/11/19 20:44:41 | 000,393,726 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.41.39_log.txt [2012/11/19 20:46:42 | 000,005,028 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.46.27_log.txt [2012/11/19 21:13:51 | 000,004,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_21.13.25_log.txt [2012/11/19 21:18:05 | 000,398,404 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_21.15.22_log.txt [2012/11/20 06:24:45 | 000,004,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.24.31_log.txt [2012/11/20 06:30:04 | 000,395,336 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.26.36_log.txt [2012/11/20 06:32:14 | 000,456,196 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.30.34_log.txt [2012/11/20 06:48:05 | 000,005,028 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.35.05_log.txt < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < > < End of report >
  14. Tried to run the online scanner and it would not run; it never popped up to install ActiveX or anything. Not sure what to do with that one.
  15. After running ComboFix the internet has slowed to a crawl.
  16. ComboFix 12-11-20.02 - Tori 11/22/2012 13:08:02.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1704 [GMT -6:00]
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV] "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv] "ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a] "ImagePath"="system32\DRIVERS\b57nd60a.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BCM43XX] "ImagePath"="system32\DRIVERS\bcmwl664.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC] "ServiceDll"="%SystemRoot%\System32\bdesvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BHDrvx64] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive] "ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo] "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp] "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP] "ImagePath"="system32\DRIVERS\bridge.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid] "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm] "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM] "ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv] "ServiceDll"="%SystemRoot%\system32\bthserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme] "ImagePath"="\??\c:\combofix\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom] "ImagePath"="\SystemRoot\system32\drivers\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CinemaNow Service] "ImagePath"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass] "ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64] "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64] "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt] "ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG] "ImagePath"="System32\Drivers\cng.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus] "ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk] "ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc] "ServiceDll"="%Systemroot%\System32\defragsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache] "ImagePath"="System32\drivers\discache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv] "ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS] "ImagePath"="%SystemRoot%\System32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr] "ImagePath"="%systemroot%\ehome\ehRecvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched] "ImagePath"="%systemroot%\ehome\ehsched.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor] "ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev] "ImagePath"="\SystemRoot\system32\drivers\errdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc] "ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk] "ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends] "ImagePath"="System32\drivers\FsDepends.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol] "ImagePath"="System32\DRIVERS\fvevol.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx] "ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir] "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService] "ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus] "ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt] "ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth] "ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr] "ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb] "ImagePath"="\SystemRoot\system32\drivers\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener] "ServiceDll"="%SystemRoot%\system32\ListSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider] "ServiceDll"="%SystemRoot%\system32\provsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Support Assistant Service] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Wireless Assistant Service] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPDrvMntSvc.exe] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hpqwmiex] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD] "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPWMISVC] "ImagePath"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy] "ImagePath"="System32\drivers\hwpolicy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt] "ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDSVia64] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\igfx] "ImagePath"="system32\DRIVERS\igdkmd64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp] "ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHD64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide] "ImagePath"="\SystemRoot\system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm] "ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT] "ImagePath"="System32\drivers\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt] "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass] "ImagePath"="\SystemRoot\system32\drivers\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid] "ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg] "ImagePath"="System32\Drivers\ksecpkg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk] "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService] "ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc] "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas] "ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR] "ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass] "ImagePath"="\SystemRoot\system32\drivers\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci] "ImagePath"="system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf] "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios] "ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig] "ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap] "ImagePath"="system32\DRIVERS\ndiscap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\netw5v64] "ImagePath"="system32\DRIVERS\netw5v64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960] "ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394] "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\osppsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Outlook] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport] "ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia] "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw] "ImagePath"="System32\drivers\pcw.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost] "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power] "ServiceDll"="%SystemRoot%\system32\umpo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor] "ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300] "ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx] "ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn] "ImagePath"="system32\DRIVERS\AgileVpn.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus] "ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP] "ImagePath"="system32\drivers\rdprefmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost] "ImagePath"="System32\drivers\rdyboost.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper] "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167] "ImagePath"="system32\DRIVERS\Rt64win7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RtVOsdService] "ImagePath"="\"c:\program files\Realtek\RtVOsd\RtVOsdService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBSDWSCService] "ImagePath"="c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter] "ImagePath"="System32\DRIVERS\scfilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sdbus] "ImagePath"="\SystemRoot\system32\drivers\sdbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc] "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum] "ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial] "ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse] "ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy] "ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2] "ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4] "ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SkypeUpdate] "ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\"" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc] "ImagePath"="%SystemRoot%\system32\sppsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify] "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfHDA] "ImagePath"="system32\DRIVERS\VSTAZL6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfV92] "ImagePath"="system32\DRIVERS\VSTDPV6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfWinac] "ImagePath"="system32\DRIVERS\VSTCNXT6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor] "ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum] "ImagePath"="\SystemRoot\system32\drivers\swenum.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymEFA] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD] "ImagePath"="\SystemRoot\system32\drivers\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes] "ServiceDll"="%SystemRoot%\system32\themeservice.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt] "ImagePath"="system32\drivers\tsusbflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35] "ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus] "ImagePath"="\SystemRoot\system32\drivers\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass] "ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp] "ImagePath"="\SystemRoot\system32\drivers\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci] "ImagePath"="\SystemRoot\system32\drivers\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbfilter] "ImagePath"="system32\DRIVERS\usbfilter.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub] "ImagePath"="\SystemRoot\system32\drivers\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint] "ImagePath"="\SystemRoot\system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci] "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo] "ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot] "ImagePath"="system32\drivers\vdrvroot.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp] "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid] "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus] "ImagePath"="system32\DRIVERS\vwifibus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt] "ImagePath"="system32\DRIVERS\vwififlt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen] "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc] "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine] "ImagePath"="\"%systemroot%\system32\wbengine.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc] "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd] "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf] "ImagePath"="system32\DRIVERS\wfplwf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount] "ImagePath"="system32\drivers\wimmount.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb] "ImagePath"="system32\DRIVERS\WinUsb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi] "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc] "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\"" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf] "ImagePath"="system32\drivers\WudfPf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc] "ServiceDll"="%SystemRoot%\System32\wwansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\yukonw7] "ImagePath"="system32\DRIVERS\yk62x64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}] . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . Completion time: 2012-11-22 13:20:26 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-22 19:20 ComboFix2.txt 2012-11-20 12:19 . Pre-Run: 245,407,170,560 bytes free Post-Run: 245,208,252,416 bytes free . - - End Of File - - DC7BCB558AAE95073B8BF01CA9C0F16D
  17. Computer is loading a little slow but we are able to get past our homepage now and actually work on the computer to try and get it clean. Thank you so much for all your help so far.
  18. SHA256: fc6a790373838af7061930acb5c6246fa82207c4528e414e7f0d1fa70fd33496
SHA1: 9a71be951fb85367da58ca543e492c6064d3f01f
MD5: dbd5f8ad0da8451d2fde6d5ec2baf0ee
File size: 117.0 KB ( 119808 bytes )
File name: 4AFA.tmp.dat
File type: Win32 EXE
Detection ratio: 28 / 43
Analysis date: 2012-11-21 12:46:11 UTC ( 0 minutes ago )

Antivirus | Result | Update
Agnitum | - | 20121118
AhnLab-V3 | Dropper/Win32.Tdss | 20121118
AntiVir | TR/Alureon.A.62 | 20121119
Antiy-AVL | - | 20121118
Avast | Win32:Alureon-AYC [Trj] | 20121119
AVG | Dropper.Generic6.CPLD | 20121119
BitDefender | Gen:Variant.Kazy.105314 | 20121119
ByteHero | - | 20121116
CAT-QuickHeal | - | 20121119
ClamAV | - | 20121119
Commtouch | - | 20121119
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20121119
DrWeb | Trojan.Tdlphaze.15 | 20121119
Emsisoft | - | 20121119
eSafe | - | 20121115
ESET-NOD32 | a variant of Win32/Kryptik.AOHY | 20121119
F-Prot | - | 20121119
F-Secure | Gen:Variant.Kazy.105314 | 20121119
Fortinet | W32/TDSS.AWPQ!tr | 20121119
GData | Gen:Variant.Kazy.105314 | 20121119
Ikarus | Trojan.Win32.Tdss | 20121119
Jiangmin | TrojanDropper.TDSS.hwe | 20121119
K7AntiVirus | - | 20121116
Kaspersky | Trojan-Dropper.Win32.TDSS.awpq | 20121119
Kingsoft | Win32.Malware.Generic.a.(kcloud) | 20121112
McAfee | DNSChanger!fh | 20121119
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-BAY.G | 20121119
Microsoft | Trojan:Win32/Alureon | 20121119
MicroWorld-eScan | Gen:Variant.Kazy.105314 | 20121119
Norman | W32/Troj_Generic.FFGRN | 20121119
nProtect | - | 20121119
Panda | Trj/OCJ.A | 20121119
Rising | - | 20121119
Sophos | Mal/Generic-L | 20121119
SUPERAntiSpyware | - | 20121119
Symantec | Backdoor.Pihar | 20121119
TheHacker | - | 20121118
TotalDefense | - | 20121118
TrendMicro | TROJ_SPNR.16K612 | 20121119
TrendMicro-HouseCall | TROJ_SPNR.16K612 | 20121119
VBA32 | BScope.Malware-Cryptor.TDSS.2112 | 20121119
VIPRE | Trojan.Win32.Generic!BT | 20121119
ViRobot | Dropper.A.Tdss.119808.H | 20121119

ssdeep: 1536:4YJ+3X3g8u66Ch2mu20uiQPVPKskO7GzYKVju13tHuJMpxU2Ndf8KhaaX7YEi962:4YU3guZhBuNEPxnkbX7MoGXfX7yb

TrID:
Win 9x/ME Control Panel applet (43.5%)
Win32 Executable Generic (23.9%)
Win32 Dynamic Link Library (generic) (21.2%)
Generic Win/DOS Executable (5.6%)
DOS Executable Generic (5.6%)

ExifTool:
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:05:07 06:42:59+01:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 10240
LinkerVersion............: 12.0
Warning..................: Error processing PE data dictionary
EntryPoint...............: 0x3371
InitializedDataSize......: 108032
SubsystemVersion.........: 5.1
ImageVersion.............: 0.0
OSVersion................: 5.1
UninitializedDataSize....: 0

Portable Executable structural information
Compilation timedatestamp.....: 2012-05-07 05:42:59
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00003371

PE Sections...................:
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
.text | 4096 | 9864 | 10240 | 6.54 | 90d7968d261258b96495acebfb6cb081
.oeLhK | 16384 | 324 | 512 | 2.34 | ff4c659db46bc8d7109c3f6ceda1d755
.uzrdi | 20480 | 1408 | 1536 | 5.14 | 24d6aafae30a98c13df4a0520adca2fd
.xRb | 24576 | 28 | 512 | 0.16 | 987a4ce24f364f6165e344d312fbe77d
.vyWb | 28672 | 50 | 512 | 0.87 | 0201fdf7d79a6048b06d5e9c60ded788
.rvcGbk | 32768 | 76 | 512 | 0.98 | 73064c5f040a9350b3bc849ba0e1f988
.quWnov | 36864 | 64 | 512 | 0.84 | 00416c5f6bf0878a188942770f5d367f
.Tjrpg | 40960 | 64 | 512 | 0.83 | 2ce4f3ae50bc836239aace105e4e153e
.qhma | 45056 | 127 | 512 | 1.68 | 0331f3497abe3afa82b2dc37e1e7a971
.NFX | 49152 | 68 | 512 | 0.74 | 166b8065fbe8c83b2df907193c5a2520
.data | 53248 | 2804 | 3072 | 5.30 | e1f5929fb786fac06df8af102f52857b
.liTd | 57344 | 118188 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.rsrc | 176128 | 97623 | 97792 | 7.81 | 13d4778ed1afe6f928dde504b96365b9
.reloc | 274432 | 1076 | 1536 | 5.21 | 9e24a2425a9843aa57622dd957ce10fe

PE Imports....................:
[[COMDLG32.dll]] ReplaceTextW, GetSaveFileNameA, PrintDlgW
[[GDI32.dll]] SetDIBits, GetDIBColorTable, SetROP2, CreateHalftonePalette, TranslateCharsetInfo, SetDIBColorTable, SetViewportOrgEx, GetTextColor, CreateSolidBrush, CreateEllipticRgnIndirect, PtVisible, CreateDCW, SetTextAlign, GetTextMetricsA
[[KERNEL32.dll]] AreFileApisANSI, CreatePipe, lstrcpyW, GetTimeZoneInformation, GetVersion, GetModuleFileNameW, EnumResourceNamesW, FindFirstFileA, IsBadWritePtr, GetCommProperties, TransactNamedPipe, CreateDirectoryA, GlobalUnlock, lstrcmpW, HeapUnlock, GetThreadContext, LeaveCriticalSection
[[console.dll]] CPlApplet
[[USER32.dll]] GetMessagePos, SetCaretPos, GetScrollPos, DestroyAcceleratorTable, RegisterWindowMessageA, ShowWindow, DrawStateW, SetScrollPos, DispatchMessageA, LockWindowUpdate, CharUpperBuffA, DrawIcon, SetWindowLongA, wvsprintfA, SendDlgItemMessageW, GetWindow, CreateCursor, MapDialogRect, CharNextExA, GetForegroundWindow, DefFrameProcA, LoadStringW, GetClientRect, DrawMenuBar, GetNextDlgTabItem, GetKeyboardLayout, SwitchToThisWindow, MonitorFromPoint, SetWindowTextW, WaitForInputIdle, ShowOwnedPopups, LoadImageA, IsCharUpperW, SetForegroundWindow, SetCursor
[[COMCTL32.dll]] InitCommonControlsEx, ImageList_Draw, ImageList_ReplaceIcon, ImageList_Destroy, PropertySheetW

PE Resources..................:
Resource type | Number of resources
RT_FONTDIR | 1
RT_MENU | 1
RT_VERSION | 1
RT_FONT | 1
Resource language | Number of resources
ENGLISH US | 4

Symantec Reputation: Suspicious.Insight
F-Secure Deepguard: Suspicious:W32/Malware!Gemini
First seen by VirusTotal: 2012-10-28 18:14:29 UTC ( 3 weeks, 2 days ago )
Last seen by VirusTotal: 2012-11-21 12:46:11 UTC ( 0 minutes ago )
File names (max. 25):
0.7888275716690919
4AFA.tmp.dat
  19. SHA256: a05d9b1dbe9a67d3da6011e6a1d96b3621c1b61240f48281cfe97a50c2a2ac0b
SHA1: d29df3bc310613153650b1f1c3c7073df94d9f63
MD5: 3742924b7b5f86b36423ac5178b3a2d6
File size: 117.0 KB ( 119808 bytes )
File name: 3D5D.tmp.dat
File type: Win32 EXE
Detection ratio: 31 / 43
Analysis date: 2012-11-21 12:41:15 UTC ( 0 minutes ago )

Antivirus | Result | Update
Agnitum | - | 20121118
AhnLab-V3 | Dropper/Win32.Tdss | 20121118
AntiVir | TR/Alureon.A.68 | 20121119
Antiy-AVL | - | 20121118
Avast | Win32:Alureon-AYG [Trj] | 20121119
AVG | Generic30.STG | 20121119
BitDefender | Gen:Variant.Kazy.106561 | 20121119
ByteHero | - | 20121116
CAT-QuickHeal | Trojan.Tdss.itlb | 20121119
ClamAV | - | 20121119
Commtouch | - | 20121119
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20121119
DrWeb | Trojan.Tdlphaze.15 | 20121119
Emsisoft | - | 20121119
eSafe | Win32.Trojan | 20121115
ESET-NOD32 | a variant of Win32/Kryptik.AOHY | 20121119
F-Prot | - | 20121119
F-Secure | Gen:Variant.Kazy.106561 | 20121119
Fortinet | W32/TDSS.ITLB!tr | 20121119
GData | Gen:Variant.Kazy.106561 | 20121119
Ikarus | Trojan.Win32.Tdss | 20121119
Jiangmin | Trojan/TDSS.ajpv | 20121119
K7AntiVirus | Trojan | 20121116
Kaspersky | Trojan.Win32.TDSS.itlb | 20121119
Kingsoft | Win32.Troj.Tdss.(kcloud) | 20121112
McAfee | DNSChanger!fh | 20121119
McAfee-GW-Edition | DNSChanger!fh | 20121119
Microsoft | Trojan:Win32/Alureon | 20121119
MicroWorld-eScan | Gen:Variant.Kazy.106561 | 20121119
Norman | W32/Troj_Generic.FFRWF | 20121119
nProtect | - | 20121119
Panda | Trj/OCJ.A | 20121119
Rising | - | 20121119
Sophos | Mal/Generic-L | 20121119
SUPERAntiSpyware | Trojan.Agent/Gen-Alureon | 20121119
Symantec | Backdoor.Pihar | 20121119
TheHacker | - | 20121118
TotalDefense | - | 20121118
TrendMicro | TROJ_GEN.FC2CKKA | 20121119
TrendMicro-HouseCall | TROJ_GEN.FC2CKKA | 20121119
VBA32 | - | 20121119
VIPRE | Trojan.Win32.Generic!BT | 20121119
ViRobot | Trojan.Win32.A.Tdss.119808.H | 20121119

ssdeep: 3072:vrmRo0hzPzAQkKlO1k4uG8qU20Rym/9sc8GkQe1SP1J:vrJ0pxvl/9sNfRcd

TrID:
Win 9x/ME Control Panel applet (57.2%)
Win32 Dynamic Link Library (generic) (27.9%)
Generic Win/DOS Executable (7.3%)
DOS Executable Generic (7.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool:
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:01:18 17:54:16+00:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 11264
LinkerVersion............: 12.0
Warning..................: Error processing PE data dictionary
EntryPoint...............: 0x3729
InitializedDataSize......: 107520
SubsystemVersion.........: 5.1
ImageVersion.............: 0.0
OSVersion................: 5.1
UninitializedDataSize....: 0

Portable Executable structural information
Compilation timedatestamp.....: 2012-01-18 17:54:16
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00003729

PE Sections...................:
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
.text | 4096 | 10824 | 11264 | 6.44 | 0014f7ed6edf0a8aaaf3599ba4c5dfb7
.taoso | 16384 | 324 | 512 | 2.29 | 7f305f41c5c641604bc19a2fc30968e7
.osz | 20480 | 1368 | 1536 | 5.06 | 8ebedf42286782f44b67c5c7b46c89e9
.Gemsm | 24576 | 28 | 512 | 0.16 | 85316d55ff87031d9334479d5b0286f8
.Obis | 28672 | 71 | 512 | 1.27 | a849cbab997484cfa00a5f155f76249d
.gal | 32768 | 64 | 512 | 0.82 | 021acf46b706c37ccc8c41353f80c73b
.boaod | 36864 | 64 | 512 | 0.82 | 995ab936e40eb425c800059c86c9686e
.ehx | 40960 | 127 | 512 | 1.72 | a85769567332ad498973754d193b5815
.she | 45056 | 68 | 512 | 0.74 | db8524f6c9a7a6b4e2cb0215de7e5408
.data | 49152 | 2508 | 2560 | 5.61 | 35c4277a27c26e01798d4049421e580c
.dalon | 53248 | 116550 | 0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
.rsrc | 172032 | 97880 | 98304 | 7.83 | a08282592dc7a07ae1e403c56475a3fe
.reloc | 270336 | 1232 | 1536 | 5.82 | a3758d54d0dddecca3e0a322021186f5

PE Imports....................:
[[COMDLG32.dll]] PrintDlgW, PrintDlgExW, GetSaveFileNameA, GetFileTitleW, GetOpenFileNameA
[[GDI32.dll]] GetDeviceCaps, GetObjectA, TranslateCharsetInfo, LineTo, ExtTextOutW, GetStockObject, CreateHalftonePalette, EnumFontFamiliesExW, GetRgnBox, ScaleWindowExtEx, CombineRgn, StartDocW, StretchBlt, Rectangle
[[KERNEL32.dll]] GetFullPathNameA, lstrcpynW, SetupComm, GetSystemDefaultLangID, lstrcmpiA, LCMapStringW, GetModuleFileNameW, GlobalDeleteAtom, GetSystemDefaultUILanguage, ReadFile, CreateEventW, GetTempFileNameA, GetHandleInformation, GetUserDefaultLCID, SetHandleInformation, SuspendThread, SetThreadExecutionState
[[console.dll]] CPlApplet
[[USER32.dll]] MapVirtualKeyA, IntersectRect, MonitorFromPoint, SetMenuItemBitmaps, CharPrevW, SetClassLongW, CreateIconIndirect, GetPropW, ShowWindow, FindWindowA, DrawStateW, SetPropW, RemoveMenu, IsWindow, PeekMessageW, InflateRect, MoveWindow, DialogBoxParamW, GetWindow, CheckMenuRadioItem, GetScrollInfo, SetScrollInfo, CharLowerBuffW, LoadBitmapW, InsertMenuW, GetKeyboardLayoutList, GetNextDlgTabItem, IsCharUpperA, GetActiveWindow, AttachThreadInput, GetWindowTextW, TabbedTextOutW, GetUpdateRect, IsDialogMessageA
[[COMCTL32.dll]] ImageList_Write, ImageList_Create, PropertySheetA, ImageList_SetIconSize

PE Resources..................:
Resource type | Number of resources
RT_STRING | 1
RT_DIALOG | 1
RT_VERSION | 1
Resource language | Number of resources
ENGLISH US | 3

First seen by VirusTotal: 2012-11-07 17:27:48 UTC ( 1 week, 6 days ago )
Last seen by VirusTotal: 2012-11-21 12:41:15 UTC ( 1 minute ago )
File names (max. 25):
d29df3bc310613153650b1f1c3c7073df94d9f63
3D5D.tmp.dat
  20. # AdwCleaner v2.008 - Logfile created 11/21/2012 at 06:33:30
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tori - TORI-HP
# Boot Mode : Normal
# Running from : C:\Users\Tori\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Tori\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Tori\AppData\Local\Conduit
Folder Deleted : C:\Users\Tori\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6263 octets] - [20/11/2012 06:22:41]
AdwCleaner[S1].txt - [3051 octets] - [21/11/2012 06:33:30]

########## EOF - C:\AdwCleaner[S1].txt - [3111 octets] ##########
  21. Attached is the resident Spybot log: Resident.zip
  22. TDSSKiller log (Kaspersky tool) was too long, couldn't post it. Attached is the log file: tdsskiller.zip
  23. AdwCleaner log

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 06:22:41
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tori - TORI-HP
# Boot Mode : Normal
# Running from : C:\Users\Tori\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Tori\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Tori\AppData\Local\Conduit
Folder Found : C:\Users\Tori\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Tori\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-958451323-4015970961-1856407647-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6144 octets] - [20/11/2012 06:22:41]

########## EOF - C:\AdwCleaner[R1].txt - [6204 octets] ##########
  24. ComboFix log

ComboFix 12-11-20.02 - Tori 11/20/2012 6:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1662 [GMT -6:00]
Running from: c:\users\Tori\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\3D9E.tmp
c:\users\Tori\Desktop\Internet Explorer.lnk
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 12:16 . 2012-11-20 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\users\Tori\AppData\Roaming\Malwarebytes
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 04:15 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-20 03:50 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 03:13 . 2012-11-20 03:13 208216 ----a-w- c:\windows\system32\drivers\32836484.sys
2012-11-20 02:44 . 2012-11-20 02:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-20 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-20 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-09 02:02 . 2012-11-20 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-09 02:02 . 2012-11-09 02:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-09 01:56 . 2012-11-09 03:03 -------- d-----w- c:\programdata\Tarma Installer
2012-11-09 01:56 . 2012-11-09 01:56 -------- d-----w- c:\program files (x86)\Conduit
2012-11-09 01:56 . 2012-11-09 03:07 -------- d-----w- c:\users\Tori\AppData\Local\Conduit
2012-11-09 01:56 . 2012-11-14 01:30 -------- d-----w- c:\program files (x86)\InternetHelper1.5
2012-11-06 01:20 . 2012-11-06 01:20 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat
2012-10-31 00:25 . 2012-10-31 00:25 -------- d-----w- c:\users\Administrator
2012-10-29 18:11 . 2012-10-29 18:11 -------- d-----w- c:\windows\Sun
2012-10-28 23:54 . 2012-10-28 23:54 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat
2012-10-24 23:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 23:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-24 23:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-24 23:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-24 23:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-24 23:04 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-24 23:04 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-24 23:03 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 23:03 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-24 23:02 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-24 23:02 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-24 23:02 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-24 23:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-24 23:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-24 23:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-22 19:02 . 2012-10-22 19:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 03:54 . 2011-01-13 01:42 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 00:41 . 2012-09-29 20:42 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-23 00:42 . 2012-05-03 22:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 00:42 . 2012-03-26 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 09:48 . 2012-10-15 09:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 09:32 . 2012-10-05 09:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-24 18:05 . 2012-10-03 22:13 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-10-03 22:13 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-10-03 22:13 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-10-03 22:14 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-10-03 22:13 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-10-03 22:13 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-10-03 22:13 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-10-03 22:13 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-10-03 22:14 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-10-03 22:13 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-03 22:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-10-03 22:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-10-03 22:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-23 23:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-23 23:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-23 23:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 00:41 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 00:42]
.
2012-10-23 c:\windows\Tasks\HPCeeScheduleForTori.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - (no file)
Wow6432Node-HKCU-Run-HPAdvisorDock - c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
SafeBoot-04308139.sys
SafeBoot-16996721.sys
SafeBoot-74093487.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-20 06:18:59
ComboFix-quarantined-files.txt 2012-11-20 12:18
.
Pre-Run: 245,398,278,144 bytes free
Post-Run: 245,094,039,552 bytes free
.
- - End Of File - - A22635913E3D242ED309896556B52C69
  25. First, thank you in advance for your help. Having trouble removing smitfraud-c.generic; Spybot was unable to remove it. Running a Malwarebytes scan currently. Ran the Kaspersky tool earlier, which seemed to remove it (the internet is moving faster), but it still shows up in Spybot scans. DDS scan shows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Tori at 22:16:43 on 2012-11-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1186 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [HPAdvisorDock]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DHCPNameServer = 10.107.128.1 TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}\65963747160213130303 : DHCPNameServer = 10.107.128.1 TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}\659637471602830303 : DHCPNameServer = 10.107.128.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll SSODL: WebCheck - <orphaned> mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-29 30568] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-19 98208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-19 202752] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files 
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680] R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-8 1153368] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-19 347680] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-19 38456] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-14 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== Created Last 30 ================ . 
2012-11-20 04:15:43 -------- d-----w- C:\Users\Tori\AppData\Roaming\Malwarebytes 2012-11-20 04:15:30 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-20 04:15:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-20 04:15:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-20 03:13:26 208216 ----a-w- C:\Windows\System32\drivers\32836484.sys 2012-11-20 02:44:34 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-20 01:10:47 20480 ----a-w- C:\Windows\svchost.exe 2012-11-20 00:53:12 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-20 00:53:12 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-11-09 02:02:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-11-09 02:02:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-09 01:56:36 -------- d-----w- C:\ProgramData\Tarma Installer 2012-11-09 01:56:31 -------- d-----w- C:\Program Files (x86)\Conduit 2012-11-09 01:56:27 -------- d-----w- C:\Users\Tori\AppData\Local\Conduit 2012-11-09 01:56:25 -------- d-----w- C:\Program Files (x86)\InternetHelper1.5 2012-11-06 01:20:43 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3D9E.tmp 2012-11-06 01:20:42 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3D5D.tmp.dat 2012-10-28 23:54:53 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4AFA.tmp.dat 2012-10-24 23:04:23 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-10-24 23:04:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-10-24 23:04:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-10-24 23:04:11 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-10-24 23:04:11 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-10-24 23:04:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-10-24 23:04:05 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-10-24 23:03:32 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-24 23:03:32 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-24 23:02:10 1464320 
----a-w- C:\Windows\System32\crypt32.dll 2012-10-24 23:02:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-24 23:02:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-24 23:02:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-24 23:02:09 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-24 23:02:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys . ==================== Find3M ==================== . 2012-11-09 00:41:39 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-10-23 00:42:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-23 00:42:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 22:18:13.11 =============== Regards, Osborne