Osborne
-
Posts
25 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Osborne
-
-
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
C:\ProgramData\Microsoft\Windows\DRM\3D5D.tmp.dat a variant of Win32/Kryptik.AOHY trojan
C:\ProgramData\Microsoft\Windows\DRM\4AFA.tmp.dat a variant of Win32/Kryptik.AOHY trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\3D9E.tmp.vir a variant of Win32/Kryptik.AOHY trojan
C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\19.11.2012_20.41.41\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\All Users\Microsoft\Windows\DRM\3D5D.tmp.dat a variant of Win32/Kryptik.AOHY trojan
C:\Users\All Users\Microsoft\Windows\DRM\4AFA.tmp.dat a variant of Win32/Kryptik.AOHY trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm
-
Computer looks to be working well, eset showed a bunch of things when it was up, 29 files, not sure what those were.
-
this is all that was in the log file
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Tori
->Temp folder emptied: 277470 bytes
->Temporary Internet Files folder emptied: 3891070 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48240684 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 50.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11252012_094205
Files\Folders moved on Reboot...
C:\Users\Tori\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF0833C54F19DF44DF.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF448521B2AB196B74.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF4983D57CD1A4C179.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF751A6C17379F6BCC.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DFA3576DE00665146B.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DFBCD02F5DBE94A3E1.TMP not found!
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UN5JHPZ6\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC6IVYPF\index[2].htm moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B0DM0TK3\fastbutton[1].htm moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Good evening Osborne,
You have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:
It promotes its toolbars on sites targeted at kids.
It promotes its toolbars through ads that appear to be part of other companies' sites.
It promotes its toolbars through other companies' spyware.
It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
I see you also have the InternetHelper 1.5 Toolbar installed. It has been known to exhibit suspicious behaviour (please see here for more information. I recommend removing it.
Please go to Start>Control Panel>Programs and uninstall the following programs (if present):
- AskBarDis
- InternetHelper1.5 Toolbar
Please restart your computer after these program removals.
Niether of these is showing in my remove programs for control panel so I am going ahead with the OTL fix
- AskBarDis
-
OTL logfile created on: 11/24/2012 7:17:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tori\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 58.27% Memory free
5.49 Gb Paging File | 4.06 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.57 Gb Total Space | 230.08 Gb Free Space | 81.72% Space Free | Partition Type: NTFS
Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/24 09:16:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
PRC - [2012/11/23 21:06:20 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/08 18:41:39 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/23 21:06:20 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/08 18:41:39 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 18:41:39 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 10:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/08 18:41:39 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 18:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/08 18:41:39 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/29 15:09:13 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 17:10:41 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 11:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 10:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}
IE:64bit: - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247201
IE - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C3B83978-82ED-403B-82FB-6BEC1FB8D718}
IE - HKCU\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247201
IE - HKCU\..\SearchScopes\{C3B83978-82ED-403B-82FB-6BEC1FB8D718}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/23 21:07:03 | 000,000,000 | ---D | M]
[2012/06/23 17:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/28 15:45:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/24 09:18:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/24 09:16:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
[2012/11/23 21:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/23 21:38:54 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/11/23 21:38:54 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/11/23 21:38:54 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/11/23 21:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/23 21:07:30 | 000,000,000 | ---D | C] -- C:\Users\Tori\AppData\Local\AVG Secure Search
[2012/11/22 13:20:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/20 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Tori\Desktop\tdsskiller
[2012/11/20 06:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/20 06:08:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/19 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Tori\AppData\Roaming\Malwarebytes
[2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/19 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/19 21:53:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/19 21:13:26 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys
[2012/11/19 20:44:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/19 19:10:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/11/19 18:53:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/19 18:53:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/08 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/08 19:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/11/08 19:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/11/08 19:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper1.5
[2012/11/08 18:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/29 12:11:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/29 12:00:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
========== Files - Modified Within 30 Days ==========
[2012/11/24 19:22:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 19:22:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 19:14:36 | 000,425,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/24 19:14:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/24 19:13:23 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/24 19:12:10 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTori.job
[2012/11/24 19:11:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/24 09:44:58 | 000,740,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/24 09:44:58 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/24 09:44:58 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/24 09:16:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
[2012/11/20 06:37:53 | 000,059,147 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip
[2012/11/19 21:13:26 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys
[2012/11/19 20:27:56 | 002,195,061 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskiller.zip
[2012/11/19 19:13:00 | 245,366,635 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 19:02:47 | 000,000,133 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/08 20:02:39 | 000,001,242 | ---- | M] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/08 20:02:39 | 000,001,218 | ---- | M] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk
[2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/08 18:49:28 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/08 18:41:39 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
========== Files Created - No Company Name ==========
[2012/11/20 06:37:53 | 000,059,147 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip
[2012/11/20 06:29:59 | 002,195,061 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskiller.zip
[2012/11/19 18:26:14 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/08 20:02:39 | 000,001,242 | ---- | C] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/08 20:02:39 | 000,001,218 | ---- | C] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk
[2012/11/08 19:56:32 | 000,000,009 | ---- | C] () -- C:\END
[2012/11/05 18:57:06 | 245,366,635 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/02 17:49:23 | 000,001,854 | ---- | C] () -- C:\Users\Tori\AppData\Roaming\GhostObjGAFix.xml
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
-
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Tori
->Temp folder emptied: 16027337 bytes
->Temporary Internet Files folder emptied: 159191783 bytes
->Java cache emptied: 121453223 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14873308 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 297.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_091852
Files\Folders moved on Reboot...
C:\Users\Tori\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF3CB14A816DE59A05.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF609B28502E5FC1E7.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF8B97EB5F5D57F59C.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DF9870E9BBBF0E8CDB.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DFB10E5A5979265E93.TMP not found!
File\Folder C:\Users\Tori\AppData\Local\Temp\~DFDF0CD20025D01F69.TMP not found!
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVQDQYSV\index[2].htm moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVQDQYSV\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\99R4INPC\fastbutton[2].htm moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Not sure I ran this correctly. Internet is working properly from what I can tell and this thing seems to be in working order in other area's too.
-
restored to before combofix was run, internet is back up
-
Internet is non existant at the moment, I am recieving the error
Windows could not automatically detect this network's proxy settings
-
OTL Extras logfile created on: 11/22/2012 9:28:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tori\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.61% Memory free
5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.57 Gb Total Space | 225.15 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.92 Gb Total Space | 1.21 Gb Free Space | 63.19% Space Free | Partition Type: FAT
Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0405261C-D4F2-4233-A20F-F78842AEB7BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{465E45A9-78B2-440B-AB01-64A16017C52A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DA4FEA8-89D1-4FA7-B5D1-A7D793683367}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09804204-2350-455E-86DC-2FAA82565AA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0D1D17AF-A0BD-41DE-A747-B47D143132BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{10E64BF6-71FE-4B92-BFF4-128D348F8903}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{29D7BF1B-6E51-452C-B760-2F529145FCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3622B9D8-8BE5-4CEA-B5A8-70DF4CA3C71A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{36566958-5B85-4E0F-A545-EDD7D13D7B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{3960F17E-4C32-4587-94E9-F7BBB885237E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3ACD984F-FF22-4A55-83BF-D55CBF8E37CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3B2B585F-746C-4F32-A938-1EC841F40276}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62AFAE04-0262-417D-BE45-436B8B57D8A3}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{66BDCFEF-B14F-40AD-B98D-F3A79712D708}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{74220436-65C2-4CB8-A07E-FB15FA235E41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{777BD7A2-107F-4D48-AF0F-67F8280C605D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{80391900-E59E-4645-8428-36B7FA4F9EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{82A12316-05E6-4075-9DAD-62E741E346A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A6D8843F-8BC7-43BA-B373-7BC80949A258}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{B44A67AB-1BDB-4520-AB43-326887598381}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{B57D7162-888C-473E-A8CB-99388F02B878}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{CBAF7CD0-30AE-4578-98BF-27B55BF377EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{CF60C60C-A593-438A-AB5D-CD1C03E59910}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D649C596-E7E7-4BC0-83AC-9C44BBECCA75}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E6534443-29CF-4DAE-8DAC-94CF5F16A975}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F22F0AE4-879F-4B1F-92F7-2FE8A5CA706D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FC9B6BDA-0138-45F3-A938-A7F6C13A0D50}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/29/2012 6:30:57 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000420 Fault offset: 0x00013ce2 Faulting process id: 0xa84 Faulting application
start time: 0x01cdb601acc85b05 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 4e98d8d5-2218-11e2-8342-60eb695e33d6
Error - 10/29/2012 8:12:57 PM | Computer Name = Tori-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 384 Start
Time: 01cdb632c67758e9 Termination Time: 47 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 86e04ccd-2226-11e2-a2d0-60eb695e33d6
Error - 10/29/2012 8:21:29 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001faf9c Faulting process
id: 0x6a0 Faulting application start time: 0x01cdb626d2dbf875 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: bf832081-2227-11e2-a2d0-60eb695e33d6
Error - 10/30/2012 8:23:34 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x00209661 Faulting process
id: 0xfb4 Faulting application start time: 0x01cdb6fc39cbc239 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 3480163a-22f1-11e2-a80f-60eb695e33d6
Error - 10/30/2012 8:30:31 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001faf9c Faulting process
id: 0x83c Faulting application start time: 0x01cdb6fe3169f72a Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 2cf99031-22f2-11e2-a80f-60eb695e33d6
Error - 10/30/2012 8:42:58 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process
id: 0x16f4 Faulting application start time: 0x01cdb6ff09d8c6b9 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: e9fce34c-22f3-11e2-a80f-60eb695e33d6
Error - 10/30/2012 8:57:47 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00032949 Faulting process
id: 0x48c Faulting application start time: 0x01cdb700e12127d8 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: fc294f22-22f5-11e2-a80f-60eb695e33d6
Error - 10/30/2012 9:09:11 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001faf9c Faulting process
id: 0xf10 Faulting application start time: 0x01cdb702cfb941f8 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 93df9ab4-22f7-11e2-a80f-60eb695e33d6
Error - 10/30/2012 9:54:37 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17940,
time stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001d4226 Faulting
process id: 0xd38 Faulting application start time: 0x01cdb6fc242bb11c Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\mshtml.dll Report Id: ecb38817-22fd-11e2-a80f-60eb695e33d6
Error - 10/31/2012 7:19:26 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17940,
time stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001d4226 Faulting
process id: 0xeb4 Faulting application start time: 0x01cdb7bd7fcff57d Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\mshtml.dll Report Id: 69526a34-23b1-11e2-8166-60eb695e33d6
[ Hewlett-Packard Events ]
Error - 9/16/2012 4:46:11 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/16/2012 4:46:26 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/16/2012 4:46:37 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/30/2012 6:01:55 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/14/2012 6:56:04 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)
Error - 10/14/2012 6:56:07 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000
Description =
Error - 10/28/2012 5:15:57 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/28/2012 5:24:40 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 11/11/2012 7:47:18 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()
Error - 11/13/2012 7:43:09 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2810 Ram Utilization: TargetSite: Void UpdateAndDetect()
[ HP Wireless Assistant Events ]
Error - 12/20/2010 6:40:23 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 12/20/2010 6:40:29 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 12/20/2010 6:40:34 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 12/20/2010 6:40:39 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 9/11/2011 7:25:04 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 1/15/2012 3:44:30 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 6/24/2012 12:52:36 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 10/3/2012 7:02:24 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 11/5/2012 8:46:34 PM | Computer Name = Tori-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 11/5/2012 8:46:38 PM | Computer Name = Tori-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
[ System Events ]
Error - 11/22/2012 3:14:19 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 11/22/2012 3:15:27 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 11/22/2012 3:15:36 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31
Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000
Description = The HP Wireless Assistant Service service failed to start due to the
following error: %%31
Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000
Description = The RtVOsdService Installer service failed to start due to the following
error: %%31
Error - 11/22/2012 3:37:02 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 11/22/2012 3:38:04 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 11/22/2012 3:38:13 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 11/22/2012 11:25:00 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the Ancillary Function
Driver for Winsock service which failed to start because of the following error:
%%1058
< End of report >
-
OTL logfile created on: 11/22/2012 9:28:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tori\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.61% Memory free
5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.57 Gb Total Space | 225.15 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1.92 Gb Total Space | 1.21 Gb Free Space | 63.19% Space Free | Partition Type: FAT
Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/22 21:26:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 10:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 18:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/29 15:09:13 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 17:10:41 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 11:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 10:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C3B83978-82ED-403B-82FB-6BEC1FB8D718}
IE - HKCU\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C3B83978-82ED-403B-82FB-6BEC1FB8D718}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012/06/23 17:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/28 15:45:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
O1 HOSTS File: ([2012/11/22 13:15:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 10.107.128.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/11/22 21:26:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
[2012/11/22 13:36:40 | 019,637,880 | ---- | C] (Mozilla) -- C:\Users\Tori\Desktop\Firefox Setup 17.0.exe
[2012/11/22 13:20:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/22 13:15:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/20 06:30:35 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04695815.sys
[2012/11/20 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Tori\Desktop\tdsskiller
[2012/11/20 06:08:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/20 06:08:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/20 06:08:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/20 06:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/20 06:08:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/20 06:06:15 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Tori\Desktop\ComboFix.exe
[2012/11/19 22:16:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Tori\Desktop\dds.scr
[2012/11/19 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Tori\AppData\Roaming\Malwarebytes
[2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/19 22:15:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/19 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/19 21:53:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/19 21:13:26 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys
[2012/11/19 20:44:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/19 18:53:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/19 18:53:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/08 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/08 19:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper1.5
[2012/11/08 18:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/29 12:11:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/29 12:00:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/24 17:04:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/24 17:04:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/24 17:04:11 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/24 17:04:11 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/24 17:02:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/24 17:02:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
========== Files - Modified Within 30 Days ==========
[2012/11/22 21:26:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe
[2012/11/22 21:25:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTori.job
[2012/11/22 21:25:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/22 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/22 15:13:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 15:13:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 13:37:55 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 13:35:14 | 019,637,880 | ---- | M] (Mozilla) -- C:\Users\Tori\Desktop\Firefox Setup 17.0.exe
[2012/11/22 13:33:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/22 13:33:58 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/22 13:33:58 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/22 13:15:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/20 06:37:53 | 000,059,147 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip
[2012/11/20 06:30:35 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04695815.sys
[2012/11/20 06:22:22 | 000,543,531 | ---- | M] () -- C:\Users\Tori\Desktop\adwcleaner.exe
[2012/11/20 06:06:19 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Tori\Desktop\ComboFix.exe
[2012/11/19 22:26:25 | 000,425,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/19 22:16:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Tori\Desktop\dds.scr
[2012/11/19 22:15:31 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/19 21:13:26 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys
[2012/11/19 20:27:56 | 002,195,061 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskiller.zip
[2012/11/19 19:13:00 | 245,366,635 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 19:02:47 | 000,000,133 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/08 20:02:39 | 000,001,242 | ---- | M] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/08 20:02:39 | 000,001,218 | ---- | M] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk
[2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/08 18:49:28 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
========== Files Created - No Company Name ==========
[2012/11/20 06:37:53 | 000,059,147 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip
[2012/11/20 06:29:59 | 002,195,061 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskiller.zip
[2012/11/20 06:22:22 | 000,543,531 | ---- | C] () -- C:\Users\Tori\Desktop\adwcleaner.exe
[2012/11/20 06:08:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/20 06:08:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/20 06:08:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/20 06:08:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/20 06:08:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/19 22:15:31 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/19 18:26:14 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/08 20:02:39 | 000,001,242 | ---- | C] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/08 20:02:39 | 000,001,218 | ---- | C] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk
[2012/11/08 19:56:32 | 000,000,009 | ---- | C] () -- C:\END
[2012/11/05 18:57:06 | 245,366,635 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/02 17:49:23 | 000,001,854 | ---- | C] () -- C:\Users\Tori\AppData\Roaming\GhostObjGAFix.xml
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/11/20 06:22:45 | 000,006,263 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/11/21 06:33:34 | 000,003,174 | ---- | M] () -- C:\AdwCleaner[s1].txt
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/11/22 13:20:26 | 000,066,730 | ---- | M] () -- C:\ComboFix.txt
[2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/22 13:37:55 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 13:37:55 | 2947,444,736 | -HS- | M] () -- C:\pagefile.sys
[2012/01/29 15:10:04 | 000,000,085 | ---- | M] () -- C:\SYNTPAD.LOG
[2012/11/19 20:39:50 | 000,007,102 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.39.05_log.txt
[2012/11/19 20:44:41 | 000,393,726 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.41.39_log.txt
[2012/11/19 20:46:42 | 000,005,028 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.46.27_log.txt
[2012/11/19 21:13:51 | 000,004,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_21.13.25_log.txt
[2012/11/19 21:18:05 | 000,398,404 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_21.15.22_log.txt
[2012/11/20 06:24:45 | 000,004,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.24.31_log.txt
[2012/11/20 06:30:04 | 000,395,336 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.26.36_log.txt
[2012/11/20 06:32:14 | 000,456,196 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.30.34_log.txt
[2012/11/20 06:48:05 | 000,005,028 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.35.05_log.txt
< %systemroot%\*. /mp /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< >
< End of report >
-
tried to run the online scanner and it would nto run, never popped up to install activex or anything not sure what to do with that one
-
after runnign combofix the internet has slowed to a crawl
-
ComboFix 12-11-20.02 - Tori 11/22/2012 13:08:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1704 [GMT -6:00]
Running from: c:\users\Tori\Desktop\ComboFix.exe
Command switches used :: c:\users\Tori\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat"
"c:\programdata\Microsoft\Windows\DRM\3D9E.tmp"
"c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 19:14 . 2012-11-22 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 12:30 . 2012-11-20 12:30 208216 ----a-w- c:\windows\system32\drivers\04695815.sys
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\users\Tori\AppData\Roaming\Malwarebytes
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 04:15 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-20 03:50 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 03:13 . 2012-11-20 03:13 208216 ----a-w- c:\windows\system32\drivers\32836484.sys
2012-11-20 02:44 . 2012-11-20 02:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-20 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-20 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-09 02:02 . 2012-11-20 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-09 02:02 . 2012-11-09 02:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-09 01:56 . 2012-11-14 01:30 -------- d-----w- c:\program files (x86)\InternetHelper1.5
2012-11-06 01:20 . 2012-11-06 01:20 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat
2012-10-31 00:25 . 2012-10-31 00:25 -------- d-----w- c:\users\Administrator
2012-10-29 18:11 . 2012-10-29 18:11 -------- d-----w- c:\windows\Sun
2012-10-28 23:54 . 2012-10-28 23:54 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat
2012-10-24 23:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 23:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-24 23:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-24 23:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-24 23:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-24 23:04 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-24 23:04 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-24 23:03 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 23:03 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-24 23:02 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-24 23:02 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-24 23:02 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-24 23:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-24 23:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-24 23:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 03:54 . 2011-01-13 01:42 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-23 00:42 . 2012-05-03 22:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 00:42 . 2012-03-26 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-22 19:02 . 2012-10-22 19:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-15 09:48 . 2012-10-15 09:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 09:32 . 2012-10-05 09:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 00:42]
.
2012-10-23 c:\windows\Tasks\HPCeeScheduleForTori.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-97252530.sys
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AERTFilters]
"ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag]
"ImagePath"="system32\DRIVERS\atipmdag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap]
"ImagePath"="system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]
"ImagePath"="system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]
"ImagePath"="system32\DRIVERS\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]
"ImagePath"="system32\DRIVERS\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiPcie]
"ImagePath"="system32\DRIVERS\AtiPcie.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl664.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BHDrvx64]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive]
"ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]
"ImagePath"="\SystemRoot\system32\drivers\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CinemaNow Service]
"ImagePath"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService]
"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb]
"ImagePath"="\SystemRoot\system32\drivers\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Support Assistant Service]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Wireless Assistant Service]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPDrvMntSvc.exe]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hpqwmiex]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPWMISVC]
"ImagePath"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDSVia64]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass]
"ImagePath"="\SystemRoot\system32\drivers\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid]
"ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService]
"ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass]
"ImagePath"="\SystemRoot\system32\drivers\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netw5v64]
"ImagePath"="system32\DRIVERS\netw5v64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Outlook]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide]
"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RtVOsdService]
"ImagePath"="\"c:\program files\Realtek\RtVOsd\RtVOsdService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SBSDWSCService]
"ImagePath"="c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sdbus]
"ImagePath"="\SystemRoot\system32\drivers\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfHDA]
"ImagePath"="system32\DRIVERS\VSTAZL6.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfV92]
"ImagePath"="system32\DRIVERS\VSTDPV6.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfWinac]
"ImagePath"="system32\DRIVERS\VSTCNXT6.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymEFA]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]
"ImagePath"="\SystemRoot\system32\drivers\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]
"ImagePath"="\SystemRoot\system32\drivers\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]
"ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbfilter]
"ImagePath"="system32\DRIVERS\usbfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]
"ImagePath"="\SystemRoot\system32\drivers\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo]
"ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb]
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\yukonw7]
"ImagePath"="system32\DRIVERS\yk62x64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-11-22 13:20:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-22 19:20
ComboFix2.txt 2012-11-20 12:19
.
Pre-Run: 245,407,170,560 bytes free
Post-Run: 245,208,252,416 bytes free
.
- - End Of File - - DC7BCB558AAE95073B8BF01CA9C0F16D
-
Computer is loading a little slow but we are able to get past our homepage now and actually work on the computer to try and get it clean. Thank you so much for all your help so far.
-
SHA256: fc6a790373838af7061930acb5c6246fa82207c4528e414e7f0d1fa70fd33496 SHA1: 9a71be951fb85367da58ca543e492c6064d3f01f MD5: dbd5f8ad0da8451d2fde6d5ec2baf0ee File size: 117.0 KB ( 119808 bytes ) File name: 4AFA.tmp.dat File type: Win32 EXE Detection ratio: 28 / 43 Analysis date: 2012-11-21 12:46:11 UTC ( 0 minutes ago )
0
0
Less details
Antivirus Result Update Agnitum - 20121118 AhnLab-V3 Dropper/Win32.Tdss 20121118 AntiVir TR/Alureon.A.62 20121119 Antiy-AVL - 20121118 Avast Win32:Alureon-AYC [Trj] 20121119 AVG Dropper.Generic6.CPLD 20121119 BitDefender Gen:Variant.Kazy.105314 20121119 ByteHero - 20121116 CAT-QuickHeal - 20121119 ClamAV - 20121119 Commtouch - 20121119 Comodo TrojWare.Win32.Trojan.Agent.Gen 20121119 DrWeb Trojan.Tdlphaze.15 20121119 Emsisoft - 20121119 eSafe - 20121115 ESET-NOD32 a variant of Win32/Kryptik.AOHY 20121119 F-Prot - 20121119 F-Secure Gen:Variant.Kazy.105314 20121119 Fortinet W32/TDSS.AWPQ!tr 20121119 GData Gen:Variant.Kazy.105314 20121119 Ikarus Trojan.Win32.Tdss 20121119 Jiangmin TrojanDropper.TDSS.hwe 20121119 K7AntiVirus - 20121116 Kaspersky Trojan-Dropper.Win32.TDSS.awpq 20121119 Kingsoft Win32.Malware.Generic.a.(kcloud) 20121112 McAfee DNSChanger!fh 20121119 McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20121119 Microsoft Trojan:Win32/Alureon 20121119 MicroWorld-eScan Gen:Variant.Kazy.105314 20121119 Norman W32/Troj_Generic.FFGRN 20121119 nProtect - 20121119 Panda Trj/OCJ.A 20121119 Rising - 20121119 Sophos Mal/Generic-L 20121119 SUPERAntiSpyware - 20121119 Symantec Backdoor.Pihar 20121119 TheHacker - 20121118 TotalDefense - 20121118 TrendMicro TROJ_SPNR.16K612 20121119 TrendMicro-HouseCall TROJ_SPNR.16K612 20121119 VBA32 BScope.Malware-Cryptor.TDSS.2112 20121119 VIPRE Trojan.Win32.Generic!BT 20121119 ViRobot Dropper.A.Tdss.119808.H 20121119
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
Leave your comment...
?
Rich Text Area
Toolbar Bold (Ctrl+B) Italic (Ctrl+I) Underline (Ctrl+U) Undo (Ctrl+Z) Redo (Ctrl+Y) StylesStyles ▼ Remove Formatting Post comment
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes. No one has voted on this item yet, be the first one to do so!
An error occurred
ssdeep
1536:4YJ+3X3g8u66Ch2mu20uiQPVPKskO7GzYKVju13tHuJMpxU2Ndf8KhaaX7YEi962:4YU3guZhBuNEPxnkbX7MoGXfX7yb
TrID
Win 9x/ME Control Panel applet (43.5%)
Win32 Executable Generic (23.9%)
Win32 Dynamic Link Library (generic) (21.2%)
Generic Win/DOS Executable (5.6%)
DOS Executable Generic (5.6%)
ExifTool
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:05:07 06:42:59+01:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 10240
LinkerVersion............: 12.0
Warning..................: Error processing PE data dictionary
EntryPoint...............: 0x3371
InitializedDataSize......: 108032
SubsystemVersion.........: 5.1
ImageVersion.............: 0.0
OSVersion................: 5.1
UninitializedDataSize....: 0
Portable Executable structural information
Compilation timedatestamp.....: 2012-05-07 05:42:59
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00003371
PE Sections...................:
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 9864 10240 6.54 90d7968d261258b96495acebfb6cb081
.oeLhK 16384 324 512 2.34 ff4c659db46bc8d7109c3f6ceda1d755
.uzrdi 20480 1408 1536 5.14 24d6aafae30a98c13df4a0520adca2fd
.xRb 24576 28 512 0.16 987a4ce24f364f6165e344d312fbe77d
.vyWb 28672 50 512 0.87 0201fdf7d79a6048b06d5e9c60ded788
.rvcGbk 32768 76 512 0.98 73064c5f040a9350b3bc849ba0e1f988
.quWnov 36864 64 512 0.84 00416c5f6bf0878a188942770f5d367f
.Tjrpg 40960 64 512 0.83 2ce4f3ae50bc836239aace105e4e153e
.qhma 45056 127 512 1.68 0331f3497abe3afa82b2dc37e1e7a971
.NFX 49152 68 512 0.74 166b8065fbe8c83b2df907193c5a2520
.data 53248 2804 3072 5.30 e1f5929fb786fac06df8af102f52857b
.liTd 57344 118188 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 176128 97623 97792 7.81 13d4778ed1afe6f928dde504b96365b9
.reloc 274432 1076 1536 5.21 9e24a2425a9843aa57622dd957ce10fe
PE Imports....................:
[[COMDLG32.dll]]
ReplaceTextW, GetSaveFileNameA, PrintDlgW
[[GDI32.dll]]
SetDIBits, GetDIBColorTable, SetROP2, CreateHalftonePalette, TranslateCharsetInfo, SetDIBColorTable, SetViewportOrgEx, GetTextColor, CreateSolidBrush, CreateEllipticRgnIndirect, PtVisible, CreateDCW, SetTextAlign, GetTextMetricsA
[[KERNEL32.dll]]
AreFileApisANSI, CreatePipe, lstrcpyW, GetTimeZoneInformation, GetVersion, GetModuleFileNameW, EnumResourceNamesW, FindFirstFileA, IsBadWritePtr, GetCommProperties, TransactNamedPipe, CreateDirectoryA, GlobalUnlock, lstrcmpW, HeapUnlock, GetThreadContext, LeaveCriticalSection
[[console.dll]]
CPlApplet
[[uSER32.dll]]
GetMessagePos, SetCaretPos, GetScrollPos, DestroyAcceleratorTable, RegisterWindowMessageA, ShowWindow, DrawStateW, SetScrollPos, DispatchMessageA, LockWindowUpdate, CharUpperBuffA, DrawIcon, SetWindowLongA, wvsprintfA, SendDlgItemMessageW, GetWindow, CreateCursor, MapDialogRect, CharNextExA, GetForegroundWindow, DefFrameProcA, LoadStringW, GetClientRect, DrawMenuBar, GetNextDlgTabItem, GetKeyboardLayout, SwitchToThisWindow, MonitorFromPoint, SetWindowTextW, WaitForInputIdle, ShowOwnedPopups, LoadImageA, IsCharUpperW, SetForegroundWindow, SetCursor
[[COMCTL32.dll]]
InitCommonControlsEx, ImageList_Draw, ImageList_ReplaceIcon, ImageList_Destroy, PropertySheetW
PE Resources..................:
Resource type Number of resources
RT_FONTDIR 1
RT_MENU 1
RT_VERSION 1
RT_FONT 1
Resource language Number of resources
ENGLISH US 4
Symantec Reputation
F-Secure Deepguard
First seen by VirusTotal
2012-10-28 18:14:29 UTC ( 3 weeks, 2 days ago )
Last seen by VirusTotal
2012-11-21 12:46:11 UTC ( 0 minutes ago )
File names (max. 25)
- 0.7888275716690919
- 4AFA.tmp.dat
- 0.7888275716690919
-
SHA256: a05d9b1dbe9a67d3da6011e6a1d96b3621c1b61240f48281cfe97a50c2a2ac0b SHA1: d29df3bc310613153650b1f1c3c7073df94d9f63 MD5: 3742924b7b5f86b36423ac5178b3a2d6 File size: 117.0 KB ( 119808 bytes ) File name: 3D5D.tmp.dat File type: Win32 EXE Detection ratio: 31 / 43 Analysis date: 2012-11-21 12:41:15 UTC ( 0 minutes ago )
0
0
Less details
Antivirus Result Update Agnitum - 20121118 AhnLab-V3 Dropper/Win32.Tdss 20121118 AntiVir TR/Alureon.A.68 20121119 Antiy-AVL - 20121118 Avast Win32:Alureon-AYG [Trj] 20121119 AVG Generic30.STG 20121119 BitDefender Gen:Variant.Kazy.106561 20121119 ByteHero - 20121116 CAT-QuickHeal Trojan.Tdss.itlb 20121119 ClamAV - 20121119 Commtouch - 20121119 Comodo TrojWare.Win32.Trojan.Agent.Gen 20121119 DrWeb Trojan.Tdlphaze.15 20121119 Emsisoft - 20121119 eSafe Win32.Trojan 20121115 ESET-NOD32 a variant of Win32/Kryptik.AOHY 20121119 F-Prot - 20121119 F-Secure Gen:Variant.Kazy.106561 20121119 Fortinet W32/TDSS.ITLB!tr 20121119 GData Gen:Variant.Kazy.106561 20121119 Ikarus Trojan.Win32.Tdss 20121119 Jiangmin Trojan/TDSS.ajpv 20121119 K7AntiVirus Trojan 20121116 Kaspersky Trojan.Win32.TDSS.itlb 20121119 Kingsoft Win32.Troj.Tdss.(kcloud) 20121112 McAfee DNSChanger!fh 20121119 McAfee-GW-Edition DNSChanger!fh 20121119 Microsoft Trojan:Win32/Alureon 20121119 MicroWorld-eScan Gen:Variant.Kazy.106561 20121119 Norman W32/Troj_Generic.FFRWF 20121119 nProtect - 20121119 Panda Trj/OCJ.A 20121119 Rising - 20121119 Sophos Mal/Generic-L 20121119 SUPERAntiSpyware Trojan.Agent/Gen-Alureon 20121119 Symantec Backdoor.Pihar 20121119 TheHacker - 20121118 TotalDefense - 20121118 TrendMicro TROJ_GEN.FC2CKKA 20121119 TrendMicro-HouseCall TROJ_GEN.FC2CKKA 20121119 VBA32 - 20121119 VIPRE Trojan.Win32.Generic!BT 20121119 ViRobot Trojan.Win32.A.Tdss.119808.H 20121119
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
Leave your comment...
?
Rich Text Area
Toolbar Bold (Ctrl+B) Italic (Ctrl+I) Underline (Ctrl+U) Undo (Ctrl+Z) Redo (Ctrl+Y) StylesStyles ▼ Remove Formatting Post comment
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes. No one has voted on this item yet, be the first one to do so!
An error occurred
ssdeep
3072:vrmRo0hzPzAQkKlO1k4uG8qU20Rym/9sc8GkQe1SP1J:vrJ0pxvl/9sNfRcd
TrID
Win 9x/ME Control Panel applet (57.2%)
Win32 Dynamic Link Library (generic) (27.9%)
Generic Win/DOS Executable (7.3%)
DOS Executable Generic (7.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ExifTool
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:01:18 17:54:16+00:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 11264
LinkerVersion............: 12.0
Warning..................: Error processing PE data dictionary
EntryPoint...............: 0x3729
InitializedDataSize......: 107520
SubsystemVersion.........: 5.1
ImageVersion.............: 0.0
OSVersion................: 5.1
UninitializedDataSize....: 0
Portable Executable structural information
Compilation timedatestamp.....: 2012-01-18 17:54:16
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00003729
PE Sections...................:
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 10824 11264 6.44 0014f7ed6edf0a8aaaf3599ba4c5dfb7
.taoso 16384 324 512 2.29 7f305f41c5c641604bc19a2fc30968e7
.osz 20480 1368 1536 5.06 8ebedf42286782f44b67c5c7b46c89e9
.Gemsm 24576 28 512 0.16 85316d55ff87031d9334479d5b0286f8
.Obis 28672 71 512 1.27 a849cbab997484cfa00a5f155f76249d
.gal 32768 64 512 0.82 021acf46b706c37ccc8c41353f80c73b
.boaod 36864 64 512 0.82 995ab936e40eb425c800059c86c9686e
.ehx 40960 127 512 1.72 a85769567332ad498973754d193b5815
.she 45056 68 512 0.74 db8524f6c9a7a6b4e2cb0215de7e5408
.data 49152 2508 2560 5.61 35c4277a27c26e01798d4049421e580c
.dalon 53248 116550 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 172032 97880 98304 7.83 a08282592dc7a07ae1e403c56475a3fe
.reloc 270336 1232 1536 5.82 a3758d54d0dddecca3e0a322021186f5
PE Imports....................:
[[COMDLG32.dll]]
PrintDlgW, PrintDlgExW, GetSaveFileNameA, GetFileTitleW, GetOpenFileNameA
[[GDI32.dll]]
GetDeviceCaps, GetObjectA, TranslateCharsetInfo, LineTo, ExtTextOutW, GetStockObject, CreateHalftonePalette, EnumFontFamiliesExW, GetRgnBox, ScaleWindowExtEx, CombineRgn, StartDocW, StretchBlt, Rectangle
[[KERNEL32.dll]]
GetFullPathNameA, lstrcpynW, SetupComm, GetSystemDefaultLangID, lstrcmpiA, LCMapStringW, GetModuleFileNameW, GlobalDeleteAtom, GetSystemDefaultUILanguage, ReadFile, CreateEventW, GetTempFileNameA, GetHandleInformation, GetUserDefaultLCID, SetHandleInformation, SuspendThread, SetThreadExecutionState
[[console.dll]]
CPlApplet
[[uSER32.dll]]
MapVirtualKeyA, IntersectRect, MonitorFromPoint, SetMenuItemBitmaps, CharPrevW, SetClassLongW, CreateIconIndirect, GetPropW, ShowWindow, FindWindowA, DrawStateW, SetPropW, RemoveMenu, IsWindow, PeekMessageW, InflateRect, MoveWindow, DialogBoxParamW, GetWindow, CheckMenuRadioItem, GetScrollInfo, SetScrollInfo, CharLowerBuffW, LoadBitmapW, InsertMenuW, GetKeyboardLayoutList, GetNextDlgTabItem, IsCharUpperA, GetActiveWindow, AttachThreadInput, GetWindowTextW, TabbedTextOutW, GetUpdateRect, IsDialogMessageA
[[COMCTL32.dll]]
ImageList_Write, ImageList_Create, PropertySheetA, ImageList_SetIconSize
PE Resources..................:
Resource type Number of resources
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
Resource language Number of resources
ENGLISH US 3
First seen by VirusTotal
2012-11-07 17:27:48 UTC ( 1 week, 6 days ago )
Last seen by VirusTotal
2012-11-21 12:41:15 UTC ( 1 minute ago )
File names (max. 25)
- d29df3bc310613153650b1f1c3c7073df94d9f63
- 3D5D.tmp.dat
- d29df3bc310613153650b1f1c3c7073df94d9f63
-
# AdwCleaner v2.008 - Logfile created 11/21/2012 at 06:33:30
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tori - TORI-HP
# Boot Mode : Normal
# Running from : C:\Users\Tori\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Tori\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Tori\AppData\Local\Conduit
Folder Deleted : C:\Users\Tori\AppData\LocalLow\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [6263 octets] - [20/11/2012 06:22:41]
AdwCleaner[s1].txt - [3051 octets] - [21/11/2012 06:33:30]
########## EOF - C:\AdwCleaner[s1].txt - [3111 octets] ##########
-
attached is the resident spybot log
-
-
adwcleaner log
# AdwCleaner v2.008 - Logfile created 11/20/2012 at 06:22:41
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tori - TORI-HP
# Boot Mode : Normal
# Running from : C:\Users\Tori\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Tori\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Tori\AppData\Local\Conduit
Folder Found : C:\Users\Tori\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Tori\AppData\LocalLow\Conduit
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-958451323-4015970961-1856407647-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [6144 octets] - [20/11/2012 06:22:41]
########## EOF - C:\AdwCleaner[R1].txt - [6204 octets] ##########
-
combofix log
ComboFix 12-11-20.02 - Tori 11/20/2012 6:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1662 [GMT -6:00]
Running from: c:\users\Tori\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\3D9E.tmp
c:\users\Tori\Desktop\Internet Explorer.lnk
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 12:16 . 2012-11-20 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\users\Tori\AppData\Roaming\Malwarebytes
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 04:15 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-20 03:50 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 03:13 . 2012-11-20 03:13 208216 ----a-w- c:\windows\system32\drivers\32836484.sys
2012-11-20 02:44 . 2012-11-20 02:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-20 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-20 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-09 02:02 . 2012-11-20 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-09 02:02 . 2012-11-09 02:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-09 01:56 . 2012-11-09 03:03 -------- d-----w- c:\programdata\Tarma Installer
2012-11-09 01:56 . 2012-11-09 01:56 -------- d-----w- c:\program files (x86)\Conduit
2012-11-09 01:56 . 2012-11-09 03:07 -------- d-----w- c:\users\Tori\AppData\Local\Conduit
2012-11-09 01:56 . 2012-11-14 01:30 -------- d-----w- c:\program files (x86)\InternetHelper1.5
2012-11-06 01:20 . 2012-11-06 01:20 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat
2012-10-31 00:25 . 2012-10-31 00:25 -------- d-----w- c:\users\Administrator
2012-10-29 18:11 . 2012-10-29 18:11 -------- d-----w- c:\windows\Sun
2012-10-28 23:54 . 2012-10-28 23:54 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat
2012-10-24 23:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 23:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-24 23:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-24 23:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-24 23:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-24 23:04 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-24 23:04 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-24 23:03 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 23:03 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-24 23:02 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-24 23:02 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-24 23:02 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-24 23:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-24 23:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-24 23:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-22 19:02 . 2012-10-22 19:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 03:54 . 2011-01-13 01:42 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 00:41 . 2012-09-29 20:42 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-23 00:42 . 2012-05-03 22:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 00:42 . 2012-03-26 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 09:48 . 2012-10-15 09:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 09:32 . 2012-10-05 09:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-24 18:05 . 2012-10-03 22:13 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-10-03 22:13 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-10-03 22:13 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-10-03 22:14 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-10-03 22:13 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-10-03 22:13 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-10-03 22:13 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-10-03 22:13 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-10-03 22:14 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-10-03 22:13 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-03 22:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-10-03 22:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-10-03 22:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-23 23:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-23 23:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-23 23:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 00:41 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 00:42]
.
2012-10-23 c:\windows\Tasks\HPCeeScheduleForTori.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - (no file)
Wow6432Node-HKCU-Run-HPAdvisorDock - c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
SafeBoot-04308139.sys
SafeBoot-16996721.sys
SafeBoot-74093487.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-20 06:18:59
ComboFix-quarantined-files.txt 2012-11-20 12:18
.
Pre-Run: 245,398,278,144 bytes free
Post-Run: 245,094,039,552 bytes free
.
- - End Of File - - A22635913E3D242ED309896556B52C69
-
First, thank you in advance for your help.
Having trouble removing smitfraud-c.generic
spybot was unable to remove it.
Running malwarebytes scan currently
ran the kaspersky tool earlier which seemed to remove it, the internet is moving faster, but its still shows up in spybot scans.
DDS scan shows
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Tori at 22:16:43 on 2012-11-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1186 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DHCPNameServer = 10.107.128.1
TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}\65963747160213130303 : DHCPNameServer = 10.107.128.1
TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}\659637471602830303 : DHCPNameServer = 10.107.128.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-29 30568]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-19 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-19 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-8 1153368]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-19 347680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-19 38456]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-11-20 04:15:43 -------- d-----w- C:\Users\Tori\AppData\Roaming\Malwarebytes
2012-11-20 04:15:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-20 04:15:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-20 04:15:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-20 03:13:26 208216 ----a-w- C:\Windows\System32\drivers\32836484.sys
2012-11-20 02:44:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-20 01:10:47 20480 ----a-w- C:\Windows\svchost.exe
2012-11-20 00:53:12 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-20 00:53:12 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-09 02:02:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-09 02:02:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-09 01:56:36 -------- d-----w- C:\ProgramData\Tarma Installer
2012-11-09 01:56:31 -------- d-----w- C:\Program Files (x86)\Conduit
2012-11-09 01:56:27 -------- d-----w- C:\Users\Tori\AppData\Local\Conduit
2012-11-09 01:56:25 -------- d-----w- C:\Program Files (x86)\InternetHelper1.5
2012-11-06 01:20:43 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3D9E.tmp
2012-11-06 01:20:42 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3D5D.tmp.dat
2012-10-28 23:54:53 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4AFA.tmp.dat
2012-10-24 23:04:23 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-24 23:04:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-24 23:04:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-24 23:04:11 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-24 23:04:11 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-24 23:04:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-24 23:04:05 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-24 23:03:32 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-24 23:03:32 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-24 23:02:10 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-24 23:02:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-24 23:02:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-24 23:02:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-24 23:02:09 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-24 23:02:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M ====================
.
2012-11-09 00:41:39 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-23 00:42:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-23 00:42:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 22:18:13.11 ===============
Regards,
Osborne
smitfraud-c.generic
in Resolved Malware Removal Logs
Posted
Everything is up to date adobe global didn't find any new updates