Jump to content

reddevil1628

Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

Reputation

0 Neutral
  1. reddevil1628
    Results- Results of screen317's Security Check version 0.99.63 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` iSpy Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 7 Update 21 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Spybot Teatimer.exe is disabled! AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Malwarebytes' Anti-Malware mbamscheduler.exe MediaMall MediaMallServer.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````
  2. reddevil1628
    Should I leave my protection up or disable it for this scan?
  3. reddevil1628
    Well so far so good!! I am even able to open .pdf documents where before it would give me the blue screen. I forgot to mention that little tidbit earlier. I cant thank you enough for your help and time. I will definitely be donating for a very great service provided on your own dime. cheers!
  4. reddevil1628
    Delete scan complete- # AdwCleaner v2.300 - Logfile created 05/14/2013 at 08:08:39 # Updated 28/04/2013 by Xplode # Operating system : Windows Vista ™ Business Service Pack 2 (32 bits) # User : Beau and Dana - BEAUANDDANA-PC # Boot Mode : Normal # Running from : C:\Users\Beau and Dana\Documents\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\visualbee Folder Deleted : C:\Users\Beau and Dana\AppData\Local\Conduit Folder Deleted : C:\Users\Beau and Dana\AppData\Local\visualbeeexe Folder Deleted : C:\Users\Beau and Dana\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Beau and Dana\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Beau and Dana\AppData\Roaming\iWin Folder Deleted : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\CT3220468 Folder Deleted : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} Folder Deleted : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\Smartbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-US) File : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\prefs.js C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\user.js ... Deleted ! Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NDkxNDg3NywidXVpZCI6NjY2MzI5ODM1NjYzNzAxLCJ[...] Deleted : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA=="); Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT3220468.FirstTime", "true"); Deleted : user_pref("CT3220468.FirstTimeFF3", "true"); Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true); Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ=="); Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0="); Deleted : user_pref("CT3220468.RevertSettingsEnabled", true); Deleted : user_pref("CT3220468.UserID", "UN01886688954239102"); Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT3220468.autoDisableScopes", -1); Deleted : user_pref("CT3220468.cb_experience_000.enc", "NzA="); Deleted : user_pref("CT3220468.cb_firstuse0100.enc", "MQ=="); Deleted : user_pref("CT3220468.cb_user_id_000.enc", "Q0I0MjE2Njg3MDQyMzNfMTM2MTQ4NDY0MzQ0MF9GaXJlZm94"); Deleted : user_pref("CT3220468.cbcountry_001.enc", "VVM="); Deleted : user_pref("CT3220468.cbfirsttime.enc", "VGh1IEF1ZyAxNiAyMDEyIDExOjIzOjAyIEdNVC0wNDAwIChFYXN0ZXJuIERh[...] Deleted : user_pref("CT3220468.defaultSearch", "FALSE"); Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...] Deleted : user_pref("CT3220468.enableAlerts", "always"); Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE"); Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE"); Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundError", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT3220468.fixUrls", true); Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...] Deleted : user_pref("CT3220468.installId", "fft40D3.tmp.exe"); Deleted : user_pref("CT3220468.installType", "XPE"); Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true); Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false"); Deleted : user_pref("CT3220468.isNewTabEnabled", true); Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Deleted : user_pref("CT3220468.lastVersion", "10.14.370.524"); Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2Nzg1Njg1NDI5Ng=="); Deleted : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24="); Deleted : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24="); Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...] Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA=="); Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...] Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg=="); Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ=="); Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2Nzg1Njg1MDIyMA=="); Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...] Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ=="); Deleted : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...] Deleted : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...] Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ=="); Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U="); Deleted : user_pref("CT3220468.mam_gk_userId.enc", "MTVjODE4OTctOTVhMi00OThiLWJmMjEtM2Y1NDM2ZGEyMzNj"); Deleted : user_pref("CT3220468.mam_gk_user_apps_selection.enc", ""); Deleted : user_pref("CT3220468.migrateAppsAndComponents", true); Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...] Deleted : user_pref("CT3220468.openThankYouPage", "true"); Deleted : user_pref("CT3220468.openUninstallPage", "FALSE"); Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true"); Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747"); Deleted : user_pref("CT3220468.search.searchCount", "0"); Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true"); Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363874379149"); Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1360980923848"); Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1364914874852"); Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364233862193"); Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1364233863187"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346178340924"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353944103140"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359762291924"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364233864317"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360975399856"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363874381028"); Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364233862263"); Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1364233861517"); Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1364233861348"); Deleted : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363874382178"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364233862123"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1364914874493"); Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1364233863242"); Deleted : user_pref("CT3220468.settingsINI", true); Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468"); Deleted : user_pref("CT3220468.smartbar.Uninstall", "0"); Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); Deleted : user_pref("CT3220468.toolbarBornServerTime", "16-8-2012"); Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "25-3-2013"); Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Mon Mar 25 2013 13:49:01 GMT-0400 (Eastern Daylight T[...] Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true); Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...] Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("extensions.504b566e2cd31.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468"); Deleted : user_pref("smartbar.machineId", "UQJBKBJ7L7JQJARCNECWXF/9ITCZEDOAAOSY5NJHFCHJMSZXDCUWTWLV+CFULXAMUBN[...] Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false"); Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", ""); Deleted : user_pref("sweetim.toolbar.SearchBoxText", ""); Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true"); Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); Deleted : user_pref("sweetim.toolbar.defaultProvider", ""); Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...] Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...] Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...] Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...] Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...] Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150"); Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530"); Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...] Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Deleted : user_pref("sweetim.toolbar.mode.debug", "false"); Deleted : user_pref("sweetim.toolbar.newtab.created", "false"); Deleted : user_pref("sweetim.toolbar.newtab.enable", "true"); Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;&crg=$car[...] Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITE[...] Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false"); Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); Deleted : user_pref("sweetim.toolbar.scripts.2.callback", ""); Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...] Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10"); Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false"); Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$too[...] Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp"); Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...] Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy"); Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id[...] Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/"); Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1"); -\\ Google Chrome v26.0.1410.64 File : C:\Users\Beau and Dana\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [19630 octets] - [14/05/2013 07:21:33] AdwCleaner[R2].txt - [19691 octets] - [14/05/2013 07:22:59] AdwCleaner[s1].txt - [355 octets] - [14/05/2013 07:24:13] AdwCleaner[s2].txt - [20076 octets] - [14/05/2013 08:08:39] ########## EOF - C:\AdwCleaner[s2].txt - [20137 octets] ########## I also ran the search again- # AdwCleaner v2.300 - Logfile created 05/14/2013 at 08:14:52 # Updated 28/04/2013 by Xplode # Operating system : Windows Vista ™ Business Service Pack 2 (32 bits) # User : Beau and Dana - BEAUANDDANA-PC # Boot Mode : Normal # Running from : C:\Users\Beau and Dana\Documents\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-US) File : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Beau and Dana\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [19630 octets] - [14/05/2013 07:21:33] AdwCleaner[R2].txt - [19691 octets] - [14/05/2013 07:22:59] AdwCleaner[R3].txt - [985 octets] - [14/05/2013 08:14:52] AdwCleaner[s1].txt - [355 octets] - [14/05/2013 07:24:13] AdwCleaner[s2].txt - [20207 octets] - [14/05/2013 08:08:39] ########## EOF - C:\AdwCleaner[R3].txt - [1164 octets] ########## AdwCleanerS2.txt AdwCleanerR3.txt
  5. reddevil1628
    # AdwCleaner v2.300 - Logfile created 05/14/2013 at 07:21:33 # Updated 28/04/2013 by Xplode # Operating system : Windows Vista Business Service Pack 2 (32 bits) # User : Beau and Dana - BEAUANDDANA-PC # Boot Mode : Normal # Running from : C:\Users\Beau and Dana\Documents\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Folder Found : C:\Program Files\Conduit Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\visualbee Folder Found : C:\Users\Beau and Dana\AppData\Local\Conduit Folder Found : C:\Users\Beau and Dana\AppData\Local\visualbeeexe Folder Found : C:\Users\Beau and Dana\AppData\LocalLow\AVG Security Toolbar Folder Found : C:\Users\Beau and Dana\AppData\LocalLow\Conduit Folder Found : C:\Users\Beau and Dana\AppData\Roaming\iWin Folder Found : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\CT3220468 Folder Found : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} Folder Found : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\Smartbar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Found : HKU\S-1-5-21-1767884144-503147267-1468628143-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-US) File : C:\Users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\prefs.js Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2NDkxNDg3NywidXVpZCI6NjY2MzI5ODM1NjYzNzAxLCJ[...] Found : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA=="); Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Found : user_pref("CT3220468.FirstTime", "true"); Found : user_pref("CT3220468.FirstTimeFF3", "true"); Found : user_pref("CT3220468.LoginRevertSettingsEnabled", true); Found : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ=="); Found : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0="); Found : user_pref("CT3220468.RevertSettingsEnabled", true); Found : user_pref("CT3220468.UserID", "UN01886688954239102"); Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); Found : user_pref("CT3220468.autoDisableScopes", -1); Found : user_pref("CT3220468.cb_experience_000.enc", "NzA="); Found : user_pref("CT3220468.cb_firstuse0100.enc", "MQ=="); Found : user_pref("CT3220468.cb_user_id_000.enc", "Q0I0MjE2Njg3MDQyMzNfMTM2MTQ4NDY0MzQ0MF9GaXJlZm94"); Found : user_pref("CT3220468.cbcountry_001.enc", "VVM="); Found : user_pref("CT3220468.cbfirsttime.enc", "VGh1IEF1ZyAxNiAyMDEyIDExOjIzOjAyIEdNVC0wNDAwIChFYXN0ZXJuIERh[...] Found : user_pref("CT3220468.defaultSearch", "FALSE"); Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...] Found : user_pref("CT3220468.enableAlerts", "always"); Found : user_pref("CT3220468.enableFix404ByUser", "FALSE"); Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE"); Found : user_pref("CT3220468.firstTimeDialogOpened", "true"); Found : user_pref("CT3220468.fixPageNotFoundError", "true"); Found : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true"); Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); Found : user_pref("CT3220468.fixUrls", true); Found : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...] Found : user_pref("CT3220468.installId", "fft40D3.tmp.exe"); Found : user_pref("CT3220468.installType", "XPE"); Found : user_pref("CT3220468.isCheckedStartAsHidden", true); Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false"); Found : user_pref("CT3220468.isNewTabEnabled", true); Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Found : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Found : user_pref("CT3220468.lastVersion", "10.14.370.524"); Found : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2Nzg1Njg1NDI5Ng=="); Found : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24="); Found : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24="); Found : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...] Found : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA=="); Found : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...] Found : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg=="); Found : user_pref("CT3220468.mam_gk_first_time.enc", "MQ=="); Found : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2Nzg1Njg1MDIyMA=="); Found : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...] Found : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ=="); Found : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...] Found : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...] Found : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ=="); Found : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U="); Found : user_pref("CT3220468.mam_gk_userId.enc", "MTVjODE4OTctOTVhMi00OThiLWJmMjEtM2Y1NDM2ZGEyMzNj"); Found : user_pref("CT3220468.mam_gk_user_apps_selection.enc", ""); Found : user_pref("CT3220468.migrateAppsAndComponents", true); Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...] Found : user_pref("CT3220468.openThankYouPage", "true"); Found : user_pref("CT3220468.openUninstallPage", "FALSE"); Found : user_pref("CT3220468.price-gong.isManagedApp", "true"); Found : user_pref("CT3220468.search.searchAppId", "129813684258939747"); Found : user_pref("CT3220468.search.searchCount", "0"); Found : user_pref("CT3220468.searchInNewTabEnabledByUser", "true"); Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363874379149"); Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1360980923848"); Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1364914874852"); Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364233862193"); Found : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1364233863187"); Found : user_pref("CT3220468.serviceLayer_services_login_10.10.20.14_lastUpdate", "1346178340924"); Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353944103140"); Found : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359762291924"); Found : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364233864317"); Found : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360975399856"); Found : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363874381028"); Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364233862263"); Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1364233861517"); Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1364233861348"); Found : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363874382178"); Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364233862123"); Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1364914874493"); Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1364233863242"); Found : user_pref("CT3220468.settingsINI", true); Found : user_pref("CT3220468.shouldFirstTimeDialog", "false"); Found : user_pref("CT3220468.smartbar.CTID", "CT3220468"); Found : user_pref("CT3220468.smartbar.Uninstall", "0"); Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); Found : user_pref("CT3220468.toolbarBornServerTime", "16-8-2012"); Found : user_pref("CT3220468.toolbarCurrentServerTime", "25-3-2013"); Found : user_pref("CT3220468.toolbarLoginClientTime", "Mon Mar 25 2013 13:49:01 GMT-0400 (Eastern Daylight T[...] Found : user_pref("CT3220468.upgradeFromClearSBVersion", true); Found : user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...] Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Found : user_pref("extensions.504b566e2cd31.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Found : user_pref("smartBar.searchInNewTabOwner", "CT3220468"); Found : user_pref("smartbar.machineId", "UQJBKBJ7L7JQJARCNECWXF/9ITCZEDOAAOSY5NJHFCHJMSZXDCUWTWLV+CFULXAMUBN[...] Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false"); Found : user_pref("sweetim.toolbar.SearchBoxLogo", ""); Found : user_pref("sweetim.toolbar.SearchBoxText", ""); Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); Found : user_pref("sweetim.toolbar.Visibility.enable", "true"); Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); Found : user_pref("sweetim.toolbar.defaultProvider", ""); Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...] Found : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...] Found : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...] Found : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...] Found : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...] Found : user_pref("sweetim.toolbar.dialogs.2.height", "150"); Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); Found : user_pref("sweetim.toolbar.dialogs.2.width", "530"); Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...] Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Found : user_pref("sweetim.toolbar.mode.debug", "false"); Found : user_pref("sweetim.toolbar.newtab.created", "false"); Found : user_pref("sweetim.toolbar.newtab.enable", "true"); Found : user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;&crg=$car[...] Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Found : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Found : user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITE[...] Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Found : user_pref("sweetim.toolbar.scripts.0.enable", "false"); Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); Found : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); Found : user_pref("sweetim.toolbar.scripts.2.callback", ""); Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); Found : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...] Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Found : user_pref("sweetim.toolbar.search.history.capacity", "10"); Found : user_pref("sweetim.toolbar.searchguard.enable", "false"); Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); Found : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$too[...] Found : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp"); Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...] Found : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy"); Found : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id[...] Found : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/"); Found : user_pref("sweetim.toolbar.version", "1.13.0.1"); -\\ Google Chrome v26.0.1410.64 File : C:\Users\Beau and Dana\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [19499 octets] - [14/05/2013 07:21:33] ########## EOF - C:\AdwCleaner[R1].txt - [19560 octets] ##########
  6. reddevil1628
    Here is the log. I am pretty sure my problem started with that sweetim search and toolbar. I forgot about that and thought I had deleted most of it. Thanks again for your time and help. AdwCleanerR1.txt
  7. reddevil1628
    .txt file ComboFix.txt
  8. reddevil1628
    correction- ComboFix 13-05-13.01 - Beau and Dana 05/14/2013 0:03.2.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.951 [GMT -4:00] Running from: c:\users\Beau and Dana\Documents\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\programdata\b66bbb43.pad c:\programdata\boost_interprocess\20130510105759.375199 c:\programdata\boost_interprocess\20130510105759.375199\9334581e-7251-4ef7-a8ec-5bfe8e89ff68 c:\programdata\boost_interprocess\20130510105759.375199\plex_frame_mutex c:\users\Beau and Dana\AppData\Local\TempDIR c:\users\Beau and Dana\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe c:\users\Beau and Dana\AppData\Roaming\inst.exe c:\users\Beau and Dana\AppData\Roaming\vso_ts_preview.xml c:\windows\$NtUninstallKB13781$ c:\windows\iun6002.exe c:\windows\libmysql.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 ))))))))))))))))))))))))))))))) . . 2013-05-14 04:17 . 2013-05-14 04:20 -------- d-----w- c:\users\Beau and Dana\AppData\Local\temp 2013-05-14 04:17 . 2013-05-14 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-13 21:18 . 2013-05-13 21:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-13 21:18 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-13 16:27 . 2013-05-13 16:27 -------- d-----w- c:\users\Beau and Dana\AppData\Roaming\AVG2013 2013-05-13 16:26 . 2013-05-13 16:26 -------- d-----w- C:\$AVG 2013-05-13 16:26 . 2013-05-13 16:27 -------- d-----w- c:\programdata\AVG2013 2013-05-13 16:20 . 2013-05-13 18:33 -------- d-----w- c:\users\Beau and Dana\AppData\Local\Avg2013 2013-05-13 10:23 . 2013-05-13 10:23 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer 2013-05-13 10:23 . 2013-05-13 10:23 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer 2013-05-13 10:23 . 2013-05-13 10:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-05-12 05:37 . 2013-05-12 05:37 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E464C579-3708-424D-9B4A-82CD9BD01081}\offreg.dll 2013-05-11 19:40 . 2013-04-17 10:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E464C579-3708-424D-9B4A-82CD9BD01081}\mpengine.dll 2013-05-11 17:55 . 2013-05-11 17:55 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-11 02:31 . 2013-05-11 02:32 -------- d-----w- c:\program files\Common Files\ffdshowEx 2013-05-10 14:09 . 2013-05-10 14:09 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-10 14:09 . 2013-05-10 14:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-09 17:00 . 2013-05-09 17:00 -------- d-----w- c:\users\Beau and Dana\AppData\Roaming\webex 2013-05-09 17:00 . 2013-05-09 17:00 -------- d-----w- c:\programdata\WebEx 2013-05-09 16:00 . 2013-05-09 16:00 -------- d-----w- c:\program files\Common Files\Java 2013-05-09 15:49 . 2013-05-09 15:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-06 20:19 . 2013-05-06 20:20 -------- d-----w- c:\users\Beau and Dana\AppData\Roaming\iSpy 2013-05-06 20:19 . 2013-05-06 20:19 -------- d-----w- c:\program files\iSpy 2013-05-06 16:12 . 2013-05-06 16:12 -------- d-----w- c:\users\Beau and Dana\AppData\Roaming\Search tool 2013-05-06 02:27 . 2013-05-06 02:27 -------- d-----w- c:\program files\Temp 2013-05-06 02:24 . 2013-05-06 02:24 -------- d-----w- c:\users\Beau and Dana\AppData\Local\Wondershare 2013-05-06 02:24 . 2013-05-06 02:24 -------- d-----w- c:\program files\Common Files\Wondershare 2013-05-06 02:24 . 2013-05-06 02:24 -------- d--h--w- c:\program files\Dr.Fone_Temp 2013-05-06 02:24 . 2013-05-06 02:24 -------- d-----w- c:\program files\Wondershare 2013-05-04 01:13 . 2013-05-04 01:13 -------- d-----w- c:\windows\Sun 2013-05-02 20:16 . 2013-05-02 20:39 -------- d-----w- c:\users\Beau and Dana\AppData\Local\VisualBeeExe 2013-05-02 20:15 . 2013-05-02 20:16 -------- d-----w- c:\programdata\VisualBee 2013-04-29 16:11 . 2013-05-10 15:53 -------- d-----w- c:\program files\VideoLAN 2013-04-29 15:40 . 2013-04-29 16:10 -------- d-----w- C:\wamp 2013-04-27 18:26 . 2013-05-12 05:02 -------- d-----w- c:\program files\MediaMall 2013-04-27 18:25 . 2013-05-14 03:36 -------- d-----w- c:\programdata\MediaMall 2013-04-27 12:19 . 2013-05-14 03:31 -------- d-----w- c:\programdata\boost_interprocess 2013-04-27 12:19 . 2013-04-29 15:06 -------- d-----w- c:\users\Beau and Dana\AppData\Local\Plex Media Server . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-14 03:11 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-09 15:49 . 2013-02-13 15:04 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-09 15:49 . 2011-06-28 12:53 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-02 06:06 . 2009-10-03 13:11 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-29 06:53 . 2013-03-29 06:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-03-21 07:08 . 2013-03-21 07:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-03-11 13:25 . 2013-04-10 19:47 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-11 13:25 . 2013-04-10 19:47 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 03:45 . 2013-04-10 19:47 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:28 . 2013-04-10 19:47 64000 ----a-w- c:\windows\system32\smss.exe 2013-03-08 03:53 . 2013-04-10 19:47 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 03:52 . 2013-04-10 19:47 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-03-06 00:28 . 2013-03-06 00:28 23920 ----a-w- c:\windows\system32\drivers\povrtdev.sys 2013-03-05 01:40 . 2013-04-10 19:47 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-03-03 19:07 . 2013-04-10 19:47 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-01 19:30 . 2008-03-06 04:52 139096 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2013-03-01 19:30 . 2008-03-06 04:52 202008 ----a-w- c:\windows\system32\PnkBstrB.exe 2013-03-01 19:30 . 2008-03-06 04:52 202008 ----a-w- c:\windows\system32\PnkBstrB.ex0 2013-03-01 14:32 . 2013-03-01 14:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-22 03:46 . 2013-04-11 07:41 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-22 03:38 . 2013-04-11 07:41 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-22 03:37 . 2013-04-11 07:41 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-22 03:34 . 2013-04-11 07:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-22 03:34 . 2013-04-11 07:41 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-22 03:31 . 2013-04-11 07:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-16 13:16 . 2013-02-16 13:16 40352 ----a-w- c:\windows\system32\drivers\Usbkey.sys 2013-02-16 13:16 . 2013-02-16 13:16 40352 ----a-w- c:\windows\inf\Usbkey.sys 2013-02-16 13:16 . 2013-02-16 13:16 8968 ----a-w- c:\windows\system32\KL2DLL.DLL 2013-02-16 13:16 . 2013-02-16 13:16 77824 ----a-w- c:\windows\system32\NWKL2_32.DLL 2013-02-16 13:16 . 2013-02-16 13:16 7440 ----a-w- c:\windows\system32\ppmon.dll 2013-02-16 13:16 . 2013-02-16 13:16 28672 ----a-w- c:\windows\system32\KL2DLL32.DLL 2013-02-16 13:16 . 2013-02-16 13:16 24136 ----a-w- c:\windows\system32\ppmon.exe 2013-02-16 13:16 . 2013-02-16 13:16 12480 ----a-w- c:\windows\system32\KL2N.DLL 2013-02-15 21:29 . 2013-02-15 21:29 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-06-19 13:14 . 2013-02-15 21:29 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Beau and Dana\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Beau and Dana\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Beau and Dana\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . c:\users\Beau and Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote Table Of Contents.onetoc2 [2009-1-26 3656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Beau and Dana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Beau and Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-01-28 17:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-06-19 13:14 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-02-20 16:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2013-04-04 18:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PxDotNetLoader] 2011-06-23 11:26 43880 ----a-w- c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-05-11 13:26 4452352 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 12:20 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-10 14:09] . 2013-05-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 13:51] . 2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-31 19:48] . 2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-31 19:48] . . ------- Supplementary Scan ------- . uSearch Page = uStart Page = https://www.google.com/ mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4B53C240-B367-11E2-968C-001AA08F057E} mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080223 uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: kgptel.com\mail DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://72.10.224.194/activex/AMC.cab FF - ProfilePath - c:\users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4B53C240-B367-11E2-968C-001AA08F057E} FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={4B53C240-B367-11E2-968C-001AA08F057E}&q= FF - ExtSQL: 2013-05-02 16:32; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Beau and Dana\AppData\Roaming\Mozilla\Firefox\Profiles\vpuqhd0j.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: !HIDDEN! 2009-07-07 22:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . SafeBoot-40489798.sys SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Beau - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE MSConfigStartUp-EPSON Stylus CX6000 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe AddRemove-{2012D762-5DCA-455A-B5FE-EDF79BC93E18} - c:\program files\HP\Digital Imaging\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}\setup\hpzscr01.exe AddRemove-BOXEE - c:\program files\Boxee\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-05-14 00:20 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Memory Cache 4.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI] "ImagePath"="system32\drivers\acpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeARMservice] "ImagePath"="\"c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc] "ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx] "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci] "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m] "ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320] "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx] "ImagePath"="\SystemRoot\system32\drivers\djsvs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide] "ImagePath"="\SystemRoot\system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AMD External Events Utility] "ImagePath"="%SystemRoot%\system32\atiesrxx.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp] "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide] "ImagePath"="\SystemRoot\system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7] "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8] "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdkmdag] "ImagePath"="system32\DRIVERS\atikmdag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdkmdap] "ImagePath"="system32\DRIVERS\atikmpag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Apple Mobile Device] "ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc] "ImagePath"="\SystemRoot\system32\drivers\arc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas] "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_4.0.30319] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi] "ImagePath"="system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atierecord] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atikmdag] "ImagePath"="system32\DRIVERS\atikmdag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent] "ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\avgidsdriverx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHX] "ImagePath"="system32\DRIVERS\avgidshx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim] "ImagePath"="system32\DRIVERS\avgidsshimx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86] "ImagePath"="system32\DRIVERS\avgldx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avglogx] "ImagePath"="system32\DRIVERS\avglogx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86] "ImagePath"="system32\DRIVERS\avgmfx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86] "ImagePath"="system32\DRIVERS\avgrkx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix] "ImagePath"="system32\DRIVERS\avgtdix.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd] "ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive] "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bonjour Service] "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo] "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp] "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid] "ImagePath"="\SystemRoot\system32\drivers\brserid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm] "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm] "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer] "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM] "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme] "ImagePath"="\??\c:\users\BEAUAN~1\AppData\Local\Temp\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass] "ImagePath"="\SystemRoot\system32\drivers\circlass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt] "ImagePath"="\SystemRoot\system32\drivers\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk] "ImagePath"="system32\drivers\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe] "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CSC] "ImagePath"="system32\drivers\csc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CscService] "ServiceDll"="%SystemRoot%\System32\cscsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR] "ImagePath"="%SystemRoot%\system32\DFSR.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk] "ImagePath"="system32\drivers\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4] "ImagePath"="system32\DRIVERS\Dot4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Print] "ImagePath"="system32\DRIVERS\Dot4Prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4usb] "ImagePath"="system32\DRIVERS\dot4usb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\e1express] "ImagePath"="system32\DRIVERS\e1e6032.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60] "ImagePath"="system32\DRIVERS\E1G60I32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache] "ImagePath"="System32\drivers\ecache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor] "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt] "ServiceDll"="%systemroot%\system32\emdmgmt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc] "ImagePath"="system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FlipShare Service] "ImagePath"="\"c:\program files\Flip Video\FlipShare\FlipShareService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FlipShareServer] "ImagePath"="\"c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk] "ImagePath"="system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx] "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GEARAspiWDM] "ImagePath"="System32\Drivers\GEARAspiWDM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GetSusp] "ImagePath"="\??\c:\windows\stinger.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GoogleDesktopManager-051210-111108] "ImagePath"="\"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate1c96ae49818ce20] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gusvc] "ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService] "ImagePath"="system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth] "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr] "ImagePath"="\SystemRoot\system32\drivers\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hitmanpro3] "ImagePath"="\??\c:\windows\system32\drivers\hitmanpro3.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs] "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqddsvc] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HPSLPSVC] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\HPSLPSVC32.DLL" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSF_DPV] "ImagePath"="system32\DRIVERS\HSX_DPV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSXHWBS2] "ImagePath"="system32\DRIVERS\HSXHWBS2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp] "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ialm] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor] "ImagePath"="\SystemRoot\system32\drivers\iastor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT] "ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\igfx] "ImagePath"="system32\DRIVERS\igdkmd32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp] "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHDA.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide] "ImagePath"="system32\DRIVERS\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT] "ImagePath"="system32\DRIVERS\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt] "ImagePath"="system32\DRIVERS\msiscsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi] "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid] "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LMIInfo] "ImagePath"="\??\c:\program files\LogMeIn\x86\RaInfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmimirr] "ImagePath"="system32\DRIVERS\lmimirr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LMIRfsClientNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LMIRfsDriver] "ImagePath"="\??\c:\windows\system32\drivers\LMIRfsDriver.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC] "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS] "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMProtector] "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMScheduler] "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMService] "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mdmxsdk] "ImagePath"="system32\DRIVERS\mdmxsdk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MediaMall Server] "ImagePath"="\"c:\program files\MediaMall\MediaMallServer.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas] "ImagePath"="\SystemRoot\system32\drivers\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MozillaMaintenance] "ImagePath"="c:\program files\Mozilla Maintenance Service\maintenanceservice.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x] "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci] "ImagePath"="\SystemRoot\system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msvad_simple] "ImagePath"="system32\drivers\povrtdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Net Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZinw12.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetMsmqActivator] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetPipeActivator] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpActivator] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NPF] "ImagePath"="system32\drivers\npf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\odserv] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm] "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide] "ImagePath"="system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia] "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcouffin] "ImagePath"="System32\Drivers\pcouffin.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZipm12.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA] "ImagePath"="c:\windows\system32\PnkBstrA.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PStrip] "ImagePath"="system32\drivers\pstrip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PTHDRBUS] "ImagePath"="system32\DRIVERS\PTHDRBUS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PTHDRMDM] "ImagePath"="system32\DRIVERS\PTHDRMDM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PTHDRVSP] "ImagePath"="system32\DRIVERS\PTHDRVSP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\R300] "ImagePath"="system32\DRIVERS\atikmdag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="system32\DRIVERS\rdpdr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rpcapd] "ImagePath"="\"%ProgramFiles%\WinPcap\rpcapd.exe\" -d -f \"%ProgramFiles%\WinPcap\rpcapd.ini\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SBSDWSCService] "ImagePath"="c:\program files\Spybot - Search & Destroy\SDWinSec.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sentinel] "ImagePath"="\SystemRoot\System32\Drivers\SENTINEL.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum] "ImagePath"="\SystemRoot\system32\drivers\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="\SystemRoot\system32\drivers\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp] "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SkypeUpdate] "ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ss_bus] "ImagePath"="system32\DRIVERS\ss_bus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ss_mdfl] "ImagePath"="system32\DRIVERS\ss_mdfl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ss_mdm] "ImagePath"="system32\DRIVERS\ss_mdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StarOpen] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx] "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi] "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3] "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci] "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata] "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2] "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UmRdpService] "ServiceDll"="%SystemRoot%\System32\umrdp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL] "ImagePath"="System32\Drivers\usbaapl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp] "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7] "ImagePath"="\SystemRoot\system32\drivers\viac7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vmm] "ImagePath"="\??\c:\windows\system32\Drivers\vmm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VPCNetS2] "ImagePath"="system32\DRIVERS\VMNetSrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid] "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen] "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wbengine] "ImagePath"="\"%systemroot%\system32\wbengine.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd] "ImagePath"="\SystemRoot\system32\drivers\wd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WDC_SAM] "ImagePath"="system32\DRIVERS\wdcsam.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\winachsf] "ImagePath"="system32\DRIVERS\HSX_CNXT.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi] "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf] "ImagePath"="system32\drivers\WudfPf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\XAudio] "ImagePath"="system32\DRIVERS\xaudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\XAudioService] "ImagePath"="%SystemRoot%\system32\DRIVERS\xaudio.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{ECA2798E-A553-4BEB-8105-793C65C71220}] . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1767884144-503147267-1468628143-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A55D41B-255D-3961-DE90-1804E0BF2F10}*] @Allowed: (Read) (RestrictedCode) "iaalgopiolcdgbmgad"=hex:69,61,62,65,68,6e,66,6e,66,68,61,6f,6b,69,6c,6b,6b,6b, 00,00 "haknipaoalfbkbfi"=hex:6a,61,63,65,69,6d,6d,70,61,64,6f,70,65,61,65,68,69,6a, 66,65,00,01 "iamnaoicmeeedejgah"=hex:63,61,64,65,64,6d,00,7f . [HKEY_USERS\S-1-5-21-1767884144-503147267-1468628143-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89976A7B-3503-083B-2791-5370B30FBBF2}*] @Allowed: (Read) (RestrictedCode) "abnpniefjbcmngdlejahmgkihpigdilmdk"=hex:6b,61,69,69,65,6e,66,6d,67,6e,6d,61, 6a,6b,70,6c,6d,70,6c,6e,61,6b,00,00 "pahapklldgnlppkmaglhcebpnonagkdp"=hex:6b,61,69,69,65,6e,66,6d,67,6e,6d,61,6a, 6b,70,6c,6d,70,6c,6e,61,6b,00,00 . [HKEY_USERS\S-1-5-21-1767884144-503147267-1468628143-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E83516F4-C4B0-F2B9-86CD-BCE3DBD72343}*] "bbfooomclnloehhigeieocklbcjjjdmmjibk"=hex:61,61,00,00 "abfooomclnloehhigebfblclfdgnplcgdi"=hex:61,61,00,00 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-05-14 00:24:36 ComboFix-quarantined-files.txt 2013-05-14 04:24 . Pre-Run: 69,159,936,000 bytes free Post-Run: 69,057,335,296 bytes free . - - End Of File - - F1097094B2D446E3212F665BA1FF765E
  9. reddevil1628
    combofix complete- ComboFix 13-05-13.01 - Beau and Dana 05/13/2013 23:13:06.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1099 [GMT -4:00] Running from: C:\Users\Beau and Dana\Documents\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ComboFix.txt
  10. reddevil1628
    Thank you Mrcharlie! First scan turned up 5 or 6 issues that were fixed. Second clan clear. I will let you know if the problem returns. Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 2144813056, free: 1081843712 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 2144813056, free: 1077760000 ------------ Kernel report ------------ 05/13/2013 21:32:06 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\intelide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\drivers\pciide.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\e1e6032.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\HSXHWBS2.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\VMNetSrv.sys \SystemRoot\system32\DRIVERS\lmimirr.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\povrtdev.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\System32\Drivers\pcouffin.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\drivers\pstrip.sys \SystemRoot\System32\Drivers\StarOpen.SYS \SystemRoot\system32\DRIVERS\wanarp.sys \??\C:\Windows\system32\Drivers\vmm.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\SENTINEL.SYS \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\LMIRfsDriver.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\xaudio.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\DRIVERS\avglogx.sys \SystemRoot\system32\DRIVERS\avgrkx86.sys \SystemRoot\system32\DRIVERS\avgldx86.sys \SystemRoot\system32\DRIVERS\avgmfx86.sys \SystemRoot\system32\DRIVERS\avgtdix.sys \SystemRoot\system32\DRIVERS\avgidsshimx.sys \SystemRoot\system32\DRIVERS\avgidsdriverx.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\System32\ATMFD.DLL \??\C:\Users\BEAUAN~1\AppData\Local\Temp\mbr.sys \??\C:\Windows\system32\drivers\TrueSight.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff85640438 Upper Device Driver Name: \Driver\disk\ Lower Device Name: Unknown Lower Device Object: 0xffffffff84a74b98 Lower Device Driver Name: Unknown Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.05.13.09 Downloaded database version: v2013.05.13.01 Initializing... Done! <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff85640438, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85640120, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85640438, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff84a74518, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff84a74b98, DeviceName: Unknown, DriverName: Unknown ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0xffffffffb1ceaa30, 0xffffffff85640438, 0xffffffff862eaa18 Lower DeviceData: 0xffffffffb9c8f760, 0xffffffff84a74b98, 0xffffffff84e0e540 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... MBR buffers are not equal MBR is forged! [4333f673a96dbe57f4d0023e55e5303d] Inspecting partition table: MBR Signature: 55AA Disk Signature: 48000000 Partition information: Partition 0 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 5 Numsec = 0 Partition is not bootable Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR] Changing partition to empty and not active. New active partition is 2 on drive 0 ... Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 112392 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 112640 Numsec = 20971520 Partition 2 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 21084160 Numsec = 604055552 Partition file system is NTFS Partition is bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-4-625122448-625142448)... Done! Performing system, memory and registry scan... Read File: File "c:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcore.log.3" is compressed (flags = 1) Read File: File "c:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows Mail\tmp.edb" is compressed (flags = 1) Read File: File "c:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcore.log.3" is compressed (flags = 1) Read File: File "c:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows Mail\tmp.edb" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb13781$\1526492969 --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb13781$\1526492969\l --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb13781$\1526492969\u --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb13781$\159133550 --> [backdoor.0Access] Done! Scan finished Creating System Restore point... Could not create restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Executing an action fixdamage.exe... Success! Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 2144813056, free: 990994432 Removal queue found; removal started Removing c:\windows\$ntuninstallkb13781$\1526492969... Directory c:\windows\$ntuninstallkb13781$\1526492969 postponed for removal Removing c:\windows\$ntuninstallkb13781$\1526492969\l... Removing c:\windows\$ntuninstallkb13781$\1526492969\u... Removing c:\windows\$ntuninstallkb13781$\159133550... Directory c:\windows\$ntuninstallkb13781$\1526492969 deleted successfully Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 2144813056, free: 1074638848 ------------ Kernel report ------------ 05/13/2013 22:02:39 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\intelide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\drivers\pciide.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\avgrkx86.sys \SystemRoot\system32\DRIVERS\avglogx.sys \SystemRoot\system32\DRIVERS\avgmfx86.sys \SystemRoot\system32\DRIVERS\avgidshx.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\e1e6032.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\HSXHWBS2.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\VMNetSrv.sys \SystemRoot\system32\DRIVERS\lmimirr.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\povrtdev.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\System32\Drivers\pcouffin.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\avgtdix.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\drivers\pstrip.sys \SystemRoot\System32\Drivers\StarOpen.SYS \SystemRoot\system32\DRIVERS\wanarp.sys \??\C:\Windows\system32\Drivers\vmm.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\avgldx86.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\avgidsshimx.sys \SystemRoot\system32\DRIVERS\avgidsdriverx.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\SENTINEL.SYS \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\LMIRfsDriver.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\xaudio.sys \??\C:\Windows\system32\drivers\mbam.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff85d74798 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\ Lower Device Object: 0xffffffff851f9b98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Initializing... Done! <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff85d74798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85d743b8, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85d74798, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff851db350, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff851f9b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0xffffffffa0f26048, 0xffffffff85d74798, 0xffffffff84b2e128 Lower DeviceData: 0xffffffffa99427c8, 0xffffffff851f9b98, 0xffffffff84be6180 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 48000000 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 112392 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 112640 Numsec = 20971520 Partition 2 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 21084160 Numsec = 604055552 Partition file system is NTFS Partition is bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= system-log.txt
  11. reddevil1628
    Sorry, here is the copy and paste- UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Business Boot Device: \Device\HarddiskVolume3 Install Date: 2/22/2008 5:49:12 PM System Uptime: 5/13/2013 12:13:00 PM (6 hours ago) . Motherboard: Dell Inc. | | 0RY007 Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 2000/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 288 GiB total, 64.446 GiB free. D: is FIXED (NTFS) - 10 GiB total, 6.542 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun Miniport Adapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Microsoft Tun Miniport Adapter #2 PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) AMD APP SDK Runtime Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center ATI Catalyst Install Manager AVG 2013 AXIS Media Control Embedded Bentley MicroStation (V 08.05.02.55) - 1 Bentley PowerMap Field - MobileMapping Tool Bonjour Boxee Browser Address Error Redirector BufferChm C4700 calibre Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Spanish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Polish CCC Help Portuguese CCC Help Spanish CCC Help Thai CCC Help Turkish CCleaner Cisco WebEx Meetings Conexant D850 PCI V.92 Modem ConvertXtoDVD 3.3.4.106e CutePDF Writer 2.7 D3DX10 Data Access Objects (DAO) 3.5 Dell Driver Download Manager Dell Getting Started Guide Dell Support Center Destinations DeviceDiscovery Digital Line Detect Dropbox Fidelity Active Trader Pro® FlipShare Google Chrome Google Desktop Google Earth Google Update Helper Google Updater GoToMeeting 4.1.0.366 GPBaseService2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 13.0 HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 HP Update HPPhotoGadget hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller iExplorer 2.2.1.3 Index.dat Suite Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections 12.1.11.0 iSpy iTunes Java 7 Update 21 Java Auto Updater Karnij Client Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Home and Student 2007 Trial Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word Viewer 2003 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Virtual PC 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobileMe Control Panel Modem Diagnostic Tool Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Music, Photos & Videos Launcher muvee Plugin 1.0 neroxml Network OGA Notifier 2.0.0048.0 OsenXPSuite 2010 Enterprise Edition [2011.05.20] PANTECH Handset USB Driver Pantech PCSuite Planetary Conquest Client PlayOn PowerStrip 3 (remove only) Product Documentation Launcher PS_AIO_06_C4700_SW_Min PunkBuster Services QuickTime Realtek High Definition Audio Driver RedistSysFiles Safari SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UI Sentinel System Driver 5.41.1 (32-bit) SJphone 1.65 Skins Skype Click to Call Skype™ 5.10 SolutionCenter Sonic Activation Module Spybot - Search & Destroy Status Toolbox TrayApp Unified Remote Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) User's Guides VBA (2627.01) Ventrilo Client WebReg Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live OneCare safety scanner Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinPcap 4.0.2 WinRAR archiver Wondershare Dr.Fone(Build 2.0.1.3) . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2 Run by Beau and Dana at 18:02:15 on 2013-05-13 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.617 [GMT -4:00] . AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\UI0Detect.exe C:\Program Files\AVG\AVG2013\avgidsagent.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\AVG\AVG2013\avgnsx.exe C:\Program Files\AVG\AVG2013\avgemcx.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\AVG\AVG2013\avgcfgex.exe C:\Program Files\AVG\AVG2013\avgrsx.exe C:\Program Files\AVG\AVG2013\avgcsrvx.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Mail\WinMail.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/ uWindow Title = Internet Explorer provided by Dell mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4B53C240-B367-11E2-968C-001AA08F057E} mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080223 dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe" StartupFolder: c:\users\beau and dana\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2 uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://72.10.224.194/activex/AMC.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722 TCP: NameServer = 192.168.1.254 TCP: Interfaces\{ECA2798E-A553-4BEB-8105-793C65C71220} : DHCPNameServer = 192.168.1.254 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\beau and dana\appdata\roaming\mozilla\firefox\profiles\vpuqhd0j.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4B53C240-B367-11E2-968C-001AA08F057E} FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={4B53C240-B367-11E2-968C-001AA08F057E}&q= FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\users\beau and dana\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\beau and dana\appdata\roaming\mozilla\firefox\profiles\vpuqhd0j.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll FF - plugin: c:\users\beau and dana\appdata\roaming\mozilla\firefox\profiles\vpuqhd0j.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2013-05-02 16:32; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\beau and dana\appdata\roaming\mozilla\firefox\profiles\vpuqhd0j.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: !HIDDEN! 2009-07-07 22:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072] R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-14 27992] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-5-24 176128] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136] R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-1-3 47640] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1c96ae49818ce20;Google Update Service (gupdate1c96ae49818ce20);c:\program files\google\update\GoogleUpdate.exe [2008-12-30 133104] S2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2013-5-10 4029232] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-4 1153368] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 GetSusp;GetSusp;c:\windows\stinger.sys [2012-9-22 14664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-22 30192] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064] S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [2012-6-4 55056] S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [2012-6-4 160784] S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [2012-6-4 160784] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-05-13 21:18:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-13 21:18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-13 16:27:53 -------- d-----w- c:\users\beau and dana\appdata\roaming\AVG2013 2013-05-13 16:26:08 -------- d--h--w- C:\$AVG 2013-05-13 16:26:07 -------- d-----w- c:\programdata\AVG2013 2013-05-13 16:20:42 -------- d-----w- c:\users\beau and dana\appdata\local\Avg2013 2013-05-13 10:23:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-05-12 05:37:07 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e464c579-3708-424d-9b4a-82cd9bd01081}\offreg.dll 2013-05-11 19:40:16 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e464c579-3708-424d-9b4a-82cd9bd01081}\mpengine.dll 2013-05-11 17:55:55 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-11 02:31:58 -------- d-----w- c:\program files\common files\ffdshowEx 2013-05-10 14:09:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-10 14:09:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-09 17:00:41 -------- d-----w- c:\users\beau and dana\appdata\roaming\webex 2013-05-09 17:00:16 -------- d-----w- c:\programdata\WebEx 2013-05-09 15:49:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-06 20:19:33 -------- d-----w- c:\users\beau and dana\appdata\roaming\iSpy 2013-05-06 20:19:14 -------- d-----w- c:\program files\iSpy 2013-05-06 16:12:38 -------- d-----w- c:\users\beau and dana\appdata\roaming\Search tool 2013-05-06 02:27:10 -------- d-----w- c:\program files\Temp 2013-05-06 02:24:40 -------- d-----w- c:\users\beau and dana\appdata\local\Wondershare 2013-05-06 02:24:37 -------- d-----w- c:\program files\common files\Wondershare 2013-05-06 02:24:19 -------- d--h--w- c:\program files\Dr.Fone_Temp 2013-05-06 02:24:19 -------- d-----w- c:\program files\Wondershare 2013-05-02 20:16:13 -------- d-----w- c:\users\beau and dana\appdata\local\VisualBeeExe 2013-05-02 20:15:21 -------- d-----w- c:\programdata\VisualBee 2013-04-29 16:11:59 -------- d-----w- c:\program files\VideoLAN 2013-04-29 15:40:22 -------- d-----w- C:\wamp 2013-04-27 18:26:29 -------- d-----w- c:\program files\MediaMall 2013-04-27 18:25:27 -------- d-----w- c:\programdata\MediaMall 2013-04-27 12:19:05 -------- d-----w- c:\programdata\boost_interprocess 2013-04-27 12:19:03 -------- d-----w- c:\users\beau and dana\appdata\local\Plex Media Server . ==================== Find3M ==================== . 2013-05-09 15:49:11 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-09 15:49:11 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-29 06:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-03-21 07:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe 2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-03-06 00:28:18 23920 ----a-w- c:\windows\system32\drivers\povrtdev.sys 2013-03-05 01:40:56 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-01 19:30:48 139096 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2013-03-01 19:30:16 202008 ----a-w- c:\windows\system32\PnkBstrB.exe 2013-03-01 19:30:16 202008 ----a-w- c:\windows\system32\PnkBstrB.ex0 2013-03-01 14:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-16 13:16:28 8968 ----a-w- c:\windows\system32\KL2DLL.DLL 2013-02-16 13:16:28 77824 ----a-w- c:\windows\system32\NWKL2_32.DLL 2013-02-16 13:16:28 7440 ----a-w- c:\windows\system32\ppmon.dll 2013-02-16 13:16:28 40352 ----a-w- c:\windows\system32\drivers\Usbkey.sys 2013-02-16 13:16:28 40352 ----a-w- c:\windows\inf\Usbkey.sys 2013-02-16 13:16:28 28672 ----a-w- c:\windows\system32\KL2DLL32.DLL 2013-02-16 13:16:28 24136 ----a-w- c:\windows\system32\ppmon.exe 2013-02-16 13:16:28 12480 ----a-w- c:\windows\system32\KL2N.DLL 2013-02-16 13:15:45 737280 ----a-w- c:\windows\iun6002.exe . ============= FINISH: 18:03:59.84 =============== RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Beau and Dana [Admin rights] Mode : Scan -- Date : 05/13/2013 18:39:20 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] $NtUninstallKB13781$ : C:\Windows\$NtUninstallKB13781$ --> FOUND ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\windows\system32\config\SOFTWARE -> D:\windows\system32\config\SYSTEM -> D:\Users\Default\NTUSER.DAT ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 09464317c7a8c1ce188241434964cc7d [bSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 294949 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 12f7718fac43fd7da7ea064c6518e2c4 [bSP] 12363dafc8b1110c9583683a9ba0f769 : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 294949 Mo Finished : << RKreport[1]_S_05132013_02d1839.txt >> RKreport[1]_S_05132013_02d1839.txt
  12. reddevil1628
    I recently purchased and set up a Roku 3 for my TV and at about the same time ran into a pretty consistent problem with my PC. I noticed my CPU processor running at about 70% with a svchost taking up the majority. I also started to get random audio playing at the same time. It is usually 2 or 3 audio streams on top of one another. Anything from youtube videos to news and commercials. When I kill the svchost the audio stops but shortly thereafter the process begins again and the audio starts. The weird thing is after about an hour or so the audio and process stops and most of the time stays off. Another weird tidbit is it begins at my log on screen, it doesnt wait until all programs are starting up. I have ran the suggested scans and attached them to this post. I am trying to rule out any malware problems I might have. Thanks in advance for your help. attach.txt dds.txt RKreport1_S_05132013_02d1839.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.