
smitfraud-c.generic


Osborne


First, thank you in advance for your help.

Having trouble removing smitfraud-c.generic.

Spybot was unable to remove it.

Running a Malwarebytes scan currently.

Ran the Kaspersky tool earlier, which seemed to remove it; the internet is moving faster, but it still shows up in Spybot scans.

DDS scan shows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32

Run by Tori at 22:16:43 on 2012-11-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1186 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\msiexec.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DHCPNameServer = 10.107.128.1

TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}\65963747160213130303 : DHCPNameServer = 10.107.128.1

TCP: Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}\659637471602830303 : DHCPNameServer = 10.107.128.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

SSODL: WebCheck - <orphaned>

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-29 30568]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-19 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-19 202752]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-8 1153368]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-19 347680]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-19 38456]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-14 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2012-11-20 04:15:43 -------- d-----w- C:\Users\Tori\AppData\Roaming\Malwarebytes

2012-11-20 04:15:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-20 04:15:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-20 04:15:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-20 03:13:26 208216 ----a-w- C:\Windows\System32\drivers\32836484.sys

2012-11-20 02:44:34 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-20 01:10:47 20480 ----a-w- C:\Windows\svchost.exe

2012-11-20 00:53:12 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-20 00:53:12 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-11-09 02:02:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-11-09 02:02:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-11-09 01:56:36 -------- d-----w- C:\ProgramData\Tarma Installer

2012-11-09 01:56:31 -------- d-----w- C:\Program Files (x86)\Conduit

2012-11-09 01:56:27 -------- d-----w- C:\Users\Tori\AppData\Local\Conduit

2012-11-09 01:56:25 -------- d-----w- C:\Program Files (x86)\InternetHelper1.5

2012-11-06 01:20:43 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3D9E.tmp

2012-11-06 01:20:42 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3D5D.tmp.dat

2012-10-28 23:54:53 119808 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4AFA.tmp.dat

2012-10-24 23:04:23 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-24 23:04:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-24 23:04:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-10-24 23:04:11 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-10-24 23:04:11 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-10-24 23:04:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-24 23:04:05 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-24 23:03:32 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-24 23:03:32 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-24 23:02:10 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-24 23:02:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-24 23:02:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-24 23:02:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-24 23:02:09 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-24 23:02:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

.

==================== Find3M ====================

.

2012-11-09 00:41:39 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-10-23 00:42:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-23 00:42:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 22:18:13.11 ===============

Regards,

Osborne


I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Do you have a log from Spybot or Kaspersky? If so, please post the contents in your reply.

=====

In your reply please provide the contents of the following logs:

  • ComboFix.txt.
  • AdwCleaner[R1].txt.


ComboFix log:

ComboFix 12-11-20.02 - Tori 11/20/2012 6:10.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1662 [GMT -6:00]

Running from: c:\users\Tori\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\3D9E.tmp

c:\users\Tori\Desktop\Internet Explorer.lnk

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))

.

.

2012-11-20 12:16 . 2012-11-20 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\users\Tori\AppData\Roaming\Malwarebytes

2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\programdata\Malwarebytes

2012-11-20 04:15 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-20 03:50 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-20 03:13 . 2012-11-20 03:13 208216 ----a-w- c:\windows\system32\drivers\32836484.sys

2012-11-20 02:44 . 2012-11-20 02:44 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-20 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-20 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-09 02:02 . 2012-11-20 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-09 02:02 . 2012-11-09 02:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-09 01:56 . 2012-11-09 03:03 -------- d-----w- c:\programdata\Tarma Installer

2012-11-09 01:56 . 2012-11-09 01:56 -------- d-----w- c:\program files (x86)\Conduit

2012-11-09 01:56 . 2012-11-09 03:07 -------- d-----w- c:\users\Tori\AppData\Local\Conduit

2012-11-09 01:56 . 2012-11-14 01:30 -------- d-----w- c:\program files (x86)\InternetHelper1.5

2012-11-06 01:20 . 2012-11-06 01:20 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat

2012-10-31 00:25 . 2012-10-31 00:25 -------- d-----w- c:\users\Administrator

2012-10-29 18:11 . 2012-10-29 18:11 -------- d-----w- c:\windows\Sun

2012-10-28 23:54 . 2012-10-28 23:54 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat

2012-10-24 23:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-24 23:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-24 23:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-24 23:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-10-24 23:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-10-24 23:04 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-24 23:04 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-24 23:03 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-24 23:03 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-24 23:02 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-24 23:02 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-24 23:02 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-24 23:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-24 23:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-24 23:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-22 19:02 . 2012-10-22 19:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-20 03:54 . 2011-01-13 01:42 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-09 00:41 . 2012-09-29 20:42 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-10-23 00:42 . 2012-05-03 22:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-23 00:42 . 2012-03-26 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-15 09:48 . 2012-10-15 09:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-05 09:32 . 2012-10-05 09:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-08-24 18:05 . 2012-10-03 22:13 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-10-03 22:13 1494528 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-10-03 22:13 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-10-03 22:14 9056256 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:03 . 2012-10-03 22:13 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:03 . 2012-10-03 22:13 735744 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:03 . 2012-10-03 22:13 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:02 . 2012-10-03 22:13 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:02 . 2012-10-03 22:14 12295680 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:02 . 2012-10-03 22:13 2453504 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 16:57 . 2012-10-03 22:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 15:59 . 2012-10-03 22:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 15:20 . 2012-10-03 22:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-23 23:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-23 23:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-23 23:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-11-09 00:41 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]

"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 00:42]

.

2012-10-23 c:\windows\Tasks\HPCeeScheduleForTori.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - (no file)

Wow6432Node-HKCU-Run-HPAdvisorDock - c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

SafeBoot-04308139.sys

SafeBoot-16996721.sys

SafeBoot-74093487.sys

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-20 06:18:59

ComboFix-quarantined-files.txt 2012-11-20 12:18

.

Pre-Run: 245,398,278,144 bytes free

Post-Run: 245,094,039,552 bytes free

.

- - End Of File - - A22635913E3D242ED309896556B52C69


adwcleaner log

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 06:22:41

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Tori - TORI-HP

# Boot Mode : Normal

# Running from : C:\Users\Tori\Desktop\adwcleaner.exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Tori\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Tori\AppData\Local\Conduit

Folder Found : C:\Users\Tori\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Tori\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKU\S-1-5-21-958451323-4015970961-1856407647-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6144 octets] - [20/11/2012 06:22:41]

########## EOF - C:\AdwCleaner[R1].txt - [6204 octets] ##########


Howdy Osborne,

The AVG Secure Search Toolbar is installed on your computer. It has been known to act suspiciously (please see here for more information).

You have Conduit installed. Apart from being known to exhibit suspicious behaviour, it has also been known to facilitate other infections. I strongly recommend removing this program.

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):

  • AVG Secure Search Toolbar
  • Conduit

Please restart your computer after these program removals.

=====

  • Next, please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

=====

Then, please go to http://www.virustotal.com, click on Choose File, and upload the following files for analysis (you will only be able to have one file scanned at a time):

c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat

c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat

Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please resend the file.

=====

You attached the application for TDSSKiller, not the logfile.

=====

In your reply I would like to see the contents of the following please:

  • AdwCleaner[S1].txt.
  • Results from VirusTotal.

How is your computer running?


# AdwCleaner v2.008 - Logfile created 11/21/2012 at 06:33:30

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Tori - TORI-HP

# Boot Mode : Normal

# Running from : C:\Users\Tori\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Users\Tori\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Tori\AppData\Local\Conduit

Folder Deleted : C:\Users\Tori\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6263 octets] - [20/11/2012 06:22:41]

AdwCleaner[S1].txt - [3051 octets] - [21/11/2012 06:33:30]

########## EOF - C:\AdwCleaner[S1].txt - [3111 octets] ##########


SHA256: a05d9b1dbe9a67d3da6011e6a1d96b3621c1b61240f48281cfe97a50c2a2ac0b
SHA1: d29df3bc310613153650b1f1c3c7073df94d9f63
MD5: 3742924b7b5f86b36423ac5178b3a2d6
File size: 117.0 KB ( 119808 bytes )
File name: 3D5D.tmp.dat
File type: Win32 EXE
Detection ratio: 31 / 43
Analysis date: 2012-11-21 12:41:15 UTC ( 0 minutes ago )


Antivirus | Result | Update
Agnitum | - | 20121118
AhnLab-V3 | Dropper/Win32.Tdss | 20121118
AntiVir | TR/Alureon.A.68 | 20121119
Antiy-AVL | - | 20121118
Avast | Win32:Alureon-AYG [Trj] | 20121119
AVG | Generic30.STG | 20121119
BitDefender | Gen:Variant.Kazy.106561 | 20121119
ByteHero | - | 20121116
CAT-QuickHeal | Trojan.Tdss.itlb | 20121119
ClamAV | - | 20121119
Commtouch | - | 20121119
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20121119
DrWeb | Trojan.Tdlphaze.15 | 20121119
Emsisoft | - | 20121119
eSafe | Win32.Trojan | 20121115
ESET-NOD32 | a variant of Win32/Kryptik.AOHY | 20121119
F-Prot | - | 20121119
F-Secure | Gen:Variant.Kazy.106561 | 20121119
Fortinet | W32/TDSS.ITLB!tr | 20121119
GData | Gen:Variant.Kazy.106561 | 20121119
Ikarus | Trojan.Win32.Tdss | 20121119
Jiangmin | Trojan/TDSS.ajpv | 20121119
K7AntiVirus | Trojan | 20121116
Kaspersky | Trojan.Win32.TDSS.itlb | 20121119
Kingsoft | Win32.Troj.Tdss.(kcloud) | 20121112
McAfee | DNSChanger!fh | 20121119
McAfee-GW-Edition | DNSChanger!fh | 20121119
Microsoft | Trojan:Win32/Alureon | 20121119
MicroWorld-eScan | Gen:Variant.Kazy.106561 | 20121119
Norman | W32/Troj_Generic.FFRWF | 20121119
nProtect | - | 20121119
Panda | Trj/OCJ.A | 20121119
Rising | - | 20121119
Sophos | Mal/Generic-L | 20121119
SUPERAntiSpyware | Trojan.Agent/Gen-Alureon | 20121119
Symantec | Backdoor.Pihar | 20121119
TheHacker | - | 20121118
TotalDefense | - | 20121118
TrendMicro | TROJ_GEN.FC2CKKA | 20121119
TrendMicro-HouseCall | TROJ_GEN.FC2CKKA | 20121119
VBA32 | - | 20121119
VIPRE | Trojan.Win32.Generic!BT | 20121119
ViRobot | Trojan.Win32.A.Tdss.119808.H | 20121119


ssdeep

3072:vrmRo0hzPzAQkKlO1k4uG8qU20Rym/9sc8GkQe1SP1J:vrJ0pxvl/9sNfRcd

TrID

Win 9x/ME Control Panel applet (57.2%)

Win32 Dynamic Link Library (generic) (27.9%)

Generic Win/DOS Executable (7.3%)

DOS Executable Generic (7.3%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2012:01:18 17:54:16+00:00

FileType.................: Win32 EXE

PEType...................: PE32

CodeSize.................: 11264

LinkerVersion............: 12.0

Warning..................: Error processing PE data dictionary

EntryPoint...............: 0x3729

InitializedDataSize......: 107520

SubsystemVersion.........: 5.1

ImageVersion.............: 0.0

OSVersion................: 5.1

UninitializedDataSize....: 0

Portable Executable structural information

Compilation timedatestamp.....: 2012-01-18 17:54:16

Target machine................: 0x14C (Intel 386 or later processors and compatible processors)

Entry point address...........: 0x00003729

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 10824 11264 6.44 0014f7ed6edf0a8aaaf3599ba4c5dfb7

.taoso 16384 324 512 2.29 7f305f41c5c641604bc19a2fc30968e7

.osz 20480 1368 1536 5.06 8ebedf42286782f44b67c5c7b46c89e9

.Gemsm 24576 28 512 0.16 85316d55ff87031d9334479d5b0286f8

.Obis 28672 71 512 1.27 a849cbab997484cfa00a5f155f76249d

.gal 32768 64 512 0.82 021acf46b706c37ccc8c41353f80c73b

.boaod 36864 64 512 0.82 995ab936e40eb425c800059c86c9686e

.ehx 40960 127 512 1.72 a85769567332ad498973754d193b5815

.she 45056 68 512 0.74 db8524f6c9a7a6b4e2cb0215de7e5408

.data 49152 2508 2560 5.61 35c4277a27c26e01798d4049421e580c

.dalon 53248 116550 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rsrc 172032 97880 98304 7.83 a08282592dc7a07ae1e403c56475a3fe

.reloc 270336 1232 1536 5.82 a3758d54d0dddecca3e0a322021186f5

PE Imports....................:

[[COMDLG32.dll]]

PrintDlgW, PrintDlgExW, GetSaveFileNameA, GetFileTitleW, GetOpenFileNameA

[[GDI32.dll]]

GetDeviceCaps, GetObjectA, TranslateCharsetInfo, LineTo, ExtTextOutW, GetStockObject, CreateHalftonePalette, EnumFontFamiliesExW, GetRgnBox, ScaleWindowExtEx, CombineRgn, StartDocW, StretchBlt, Rectangle

[[KERNEL32.dll]]

GetFullPathNameA, lstrcpynW, SetupComm, GetSystemDefaultLangID, lstrcmpiA, LCMapStringW, GetModuleFileNameW, GlobalDeleteAtom, GetSystemDefaultUILanguage, ReadFile, CreateEventW, GetTempFileNameA, GetHandleInformation, GetUserDefaultLCID, SetHandleInformation, SuspendThread, SetThreadExecutionState

[[console.dll]]

CPlApplet

[[USER32.dll]]

MapVirtualKeyA, IntersectRect, MonitorFromPoint, SetMenuItemBitmaps, CharPrevW, SetClassLongW, CreateIconIndirect, GetPropW, ShowWindow, FindWindowA, DrawStateW, SetPropW, RemoveMenu, IsWindow, PeekMessageW, InflateRect, MoveWindow, DialogBoxParamW, GetWindow, CheckMenuRadioItem, GetScrollInfo, SetScrollInfo, CharLowerBuffW, LoadBitmapW, InsertMenuW, GetKeyboardLayoutList, GetNextDlgTabItem, IsCharUpperA, GetActiveWindow, AttachThreadInput, GetWindowTextW, TabbedTextOutW, GetUpdateRect, IsDialogMessageA

[[COMCTL32.dll]]

ImageList_Write, ImageList_Create, PropertySheetA, ImageList_SetIconSize

PE Resources..................:

Resource type Number of resources

RT_STRING 1

RT_DIALOG 1

RT_VERSION 1

Resource language Number of resources

ENGLISH US 3

First seen by VirusTotal

2012-11-07 17:27:48 UTC ( 1 week, 6 days ago )

Last seen by VirusTotal

2012-11-21 12:41:15 UTC ( 1 minute ago )

File names (max. 25)

  1. d29df3bc310613153650b1f1c3c7073df94d9f63
  2. 3D5D.tmp.dat


SHA256: fc6a790373838af7061930acb5c6246fa82207c4528e414e7f0d1fa70fd33496
SHA1: 9a71be951fb85367da58ca543e492c6064d3f01f
MD5: dbd5f8ad0da8451d2fde6d5ec2baf0ee
File size: 117.0 KB ( 119808 bytes )
File name: 4AFA.tmp.dat
File type: Win32 EXE
Detection ratio: 28 / 43
Analysis date: 2012-11-21 12:46:11 UTC ( 0 minutes ago )


Antivirus | Result | Update
Agnitum | - | 20121118
AhnLab-V3 | Dropper/Win32.Tdss | 20121118
AntiVir | TR/Alureon.A.62 | 20121119
Antiy-AVL | - | 20121118
Avast | Win32:Alureon-AYC [Trj] | 20121119
AVG | Dropper.Generic6.CPLD | 20121119
BitDefender | Gen:Variant.Kazy.105314 | 20121119
ByteHero | - | 20121116
CAT-QuickHeal | - | 20121119
ClamAV | - | 20121119
Commtouch | - | 20121119
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 20121119
DrWeb | Trojan.Tdlphaze.15 | 20121119
Emsisoft | - | 20121119
eSafe | - | 20121115
ESET-NOD32 | a variant of Win32/Kryptik.AOHY | 20121119
F-Prot | - | 20121119
F-Secure | Gen:Variant.Kazy.105314 | 20121119
Fortinet | W32/TDSS.AWPQ!tr | 20121119
GData | Gen:Variant.Kazy.105314 | 20121119
Ikarus | Trojan.Win32.Tdss | 20121119
Jiangmin | TrojanDropper.TDSS.hwe | 20121119
K7AntiVirus | - | 20121116
Kaspersky | Trojan-Dropper.Win32.TDSS.awpq | 20121119
Kingsoft | Win32.Malware.Generic.a.(kcloud) | 20121112
McAfee | DNSChanger!fh | 20121119
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-BAY.G | 20121119
Microsoft | Trojan:Win32/Alureon | 20121119
MicroWorld-eScan | Gen:Variant.Kazy.105314 | 20121119
Norman | W32/Troj_Generic.FFGRN | 20121119
nProtect | - | 20121119
Panda | Trj/OCJ.A | 20121119
Rising | - | 20121119
Sophos | Mal/Generic-L | 20121119
SUPERAntiSpyware | - | 20121119
Symantec | Backdoor.Pihar | 20121119
TheHacker | - | 20121118
TotalDefense | - | 20121118
TrendMicro | TROJ_SPNR.16K612 | 20121119
TrendMicro-HouseCall | TROJ_SPNR.16K612 | 20121119
VBA32 | BScope.Malware-Cryptor.TDSS.2112 | 20121119
VIPRE | Trojan.Win32.Generic!BT | 20121119
ViRobot | Dropper.A.Tdss.119808.H | 20121119


ssdeep

1536:4YJ+3X3g8u66Ch2mu20uiQPVPKskO7GzYKVju13tHuJMpxU2Ndf8KhaaX7YEi962:4YU3guZhBuNEPxnkbX7MoGXfX7yb

TrID

Win 9x/ME Control Panel applet (43.5%)

Win32 Executable Generic (23.9%)

Win32 Dynamic Link Library (generic) (21.2%)

Generic Win/DOS Executable (5.6%)

DOS Executable Generic (5.6%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2012:05:07 06:42:59+01:00

FileType.................: Win32 EXE

PEType...................: PE32

CodeSize.................: 10240

LinkerVersion............: 12.0

Warning..................: Error processing PE data dictionary

EntryPoint...............: 0x3371

InitializedDataSize......: 108032

SubsystemVersion.........: 5.1

ImageVersion.............: 0.0

OSVersion................: 5.1

UninitializedDataSize....: 0

Portable Executable structural information

Compilation timedatestamp.....: 2012-05-07 05:42:59

Target machine................: 0x14C (Intel 386 or later processors and compatible processors)

Entry point address...........: 0x00003371

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 9864 10240 6.54 90d7968d261258b96495acebfb6cb081

.oeLhK 16384 324 512 2.34 ff4c659db46bc8d7109c3f6ceda1d755

.uzrdi 20480 1408 1536 5.14 24d6aafae30a98c13df4a0520adca2fd

.xRb 24576 28 512 0.16 987a4ce24f364f6165e344d312fbe77d

.vyWb 28672 50 512 0.87 0201fdf7d79a6048b06d5e9c60ded788

.rvcGbk 32768 76 512 0.98 73064c5f040a9350b3bc849ba0e1f988

.quWnov 36864 64 512 0.84 00416c5f6bf0878a188942770f5d367f

.Tjrpg 40960 64 512 0.83 2ce4f3ae50bc836239aace105e4e153e

.qhma 45056 127 512 1.68 0331f3497abe3afa82b2dc37e1e7a971

.NFX 49152 68 512 0.74 166b8065fbe8c83b2df907193c5a2520

.data 53248 2804 3072 5.30 e1f5929fb786fac06df8af102f52857b

.liTd 57344 118188 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rsrc 176128 97623 97792 7.81 13d4778ed1afe6f928dde504b96365b9

.reloc 274432 1076 1536 5.21 9e24a2425a9843aa57622dd957ce10fe

PE Imports....................:

[[COMDLG32.dll]]

ReplaceTextW, GetSaveFileNameA, PrintDlgW

[[GDI32.dll]]

SetDIBits, GetDIBColorTable, SetROP2, CreateHalftonePalette, TranslateCharsetInfo, SetDIBColorTable, SetViewportOrgEx, GetTextColor, CreateSolidBrush, CreateEllipticRgnIndirect, PtVisible, CreateDCW, SetTextAlign, GetTextMetricsA

[[KERNEL32.dll]]

AreFileApisANSI, CreatePipe, lstrcpyW, GetTimeZoneInformation, GetVersion, GetModuleFileNameW, EnumResourceNamesW, FindFirstFileA, IsBadWritePtr, GetCommProperties, TransactNamedPipe, CreateDirectoryA, GlobalUnlock, lstrcmpW, HeapUnlock, GetThreadContext, LeaveCriticalSection

[[console.dll]]

CPlApplet

[[USER32.dll]]

GetMessagePos, SetCaretPos, GetScrollPos, DestroyAcceleratorTable, RegisterWindowMessageA, ShowWindow, DrawStateW, SetScrollPos, DispatchMessageA, LockWindowUpdate, CharUpperBuffA, DrawIcon, SetWindowLongA, wvsprintfA, SendDlgItemMessageW, GetWindow, CreateCursor, MapDialogRect, CharNextExA, GetForegroundWindow, DefFrameProcA, LoadStringW, GetClientRect, DrawMenuBar, GetNextDlgTabItem, GetKeyboardLayout, SwitchToThisWindow, MonitorFromPoint, SetWindowTextW, WaitForInputIdle, ShowOwnedPopups, LoadImageA, IsCharUpperW, SetForegroundWindow, SetCursor

[[COMCTL32.dll]]

InitCommonControlsEx, ImageList_Draw, ImageList_ReplaceIcon, ImageList_Destroy, PropertySheetW

PE Resources..................:

Resource type Number of resources

RT_FONTDIR 1

RT_MENU 1

RT_VERSION 1

RT_FONT 1

Resource language Number of resources

ENGLISH US 4

Symantec Reputation

Suspicious.Insight

F-Secure Deepguard

Suspicious:W32/Malware!Gemini

First seen by VirusTotal

2012-10-28 18:14:29 UTC ( 3 weeks, 2 days ago )

Last seen by VirusTotal

2012-11-21 12:46:11 UTC ( 0 minutes ago )

File names (max. 25)

  1. 0.7888275716690919
  2. 4AFA.tmp.dat


Good morning Osborne,

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    File::
    C:\ProgramData\Microsoft\Windows\DRM\3D9E.tmp
    C:\ProgramData\Microsoft\Windows\DRM\3D5D.tmp.dat
    C:\ProgramData\Microsoft\Windows\DRM\4AFA.tmp.dat
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

=====

Then, please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

=====

In your reply please provide the contents of the following:

  • ComboFix.txt.
  • log.txt.
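The CFScript above is built from paths the helper picked out of the ComboFix "Files Created" listing. As an added illustration (not part of this thread, and not ComboFix's own logic), the script below parses lines in that listing's layout, flags the two kinds of entries that stand out in this case, and emits a `killall::` / `File::` block in the same shape the helper posted. The sample lines, the two flagging heuristics (`.tmp`/`.tmp.dat` files under `ProgramData\Microsoft\Windows\DRM`, and drivers with all-digit names) and the function names are this example's own assumptions; an all-digit driver name is only a prompt to confirm the file's origin, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the ComboFix "Files Created" layout
# (same column order as the log posted in this thread; values are
# illustrative, not taken from a real machine).
SAMPLE_LINES = [
    r"2012-11-20 04:15 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2012-11-20 03:13 . 2012-11-20 03:13 208216 ----a-w- c:\windows\system32\drivers\32836484.sys",
    r"2012-11-06 01:20 . 2012-11-06 01:20 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat",
    r"2012-10-28 23:54 . 2012-10-28 23:54 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat",
    r"2012-10-31 00:25 . 2012-10-31 00:25 -------- d-----w- c:\users\Administrator",
    "((((( Files Created from 2012-10-22 to 2012-11-22 )))))",  # header line, must be ignored
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# created . modified size attrs path   (size is '--------' for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(text: str) -> List[Entry]:
    """Parse 'Files Created' lines; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Heuristics (assumptions for this example, not ComboFix logic):
    - .tmp / .tmp.dat files under ProgramData\\Microsoft\\Windows\\DRM, the
      location the CFScript in this thread targets;
    - kernel drivers whose file name is only digits, which deserve a manual
      check of origin (some cleanup tools drop such drivers themselves)."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if "\\programdata\\microsoft\\windows\\drm\\" in low and (
            e.name.endswith(".tmp") or e.name.endswith(".tmp.dat")
        ):
            flagged.append((e, "tmp-style file in DRM folder"))
        elif "\\drivers\\" in low and re.fullmatch(r"\d+\.sys", e.name):
            flagged.append((e, "all-digit driver name; confirm origin"))
    return flagged


def build_cfscript(paths: List[str]) -> str:
    """Emit a CFScript in the shape the helper posted: killall::, File::, one path per line."""
    return "\n".join(["killall::", "File::", *paths]) + "\n"


if __name__ == "__main__":
    hits = flag_entries(parse_entries(SAMPLE_LOG))
    for entry, reason in hits:
        print(f"{entry.created}  {entry.size:>8}  {entry.path}  <- {reason}")
    # Only the DRM-folder hits go into the script; the driver hit is left for manual review.
    print(build_cfscript([e.path for e, r in hits if "DRM" in r]))
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; only lines that match the `created . modified size attrs path` layout are parsed, so the surrounding banners and registry sections are ignored.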


ComboFix 12-11-20.02 - Tori 11/22/2012 13:08:02.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1704 [GMT -6:00]

Running from: c:\users\Tori\Desktop\ComboFix.exe

Command switches used :: c:\users\Tori\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat"

"c:\programdata\Microsoft\Windows\DRM\3D9E.tmp"

"c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat"

.

.

((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

.

.

2012-11-22 19:14 . 2012-11-22 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-20 12:30 . 2012-11-20 12:30 208216 ----a-w- c:\windows\system32\drivers\04695815.sys

2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\users\Tori\AppData\Roaming\Malwarebytes

2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\programdata\Malwarebytes

2012-11-20 04:15 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-20 04:15 . 2012-11-20 04:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-20 03:50 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-20 03:13 . 2012-11-20 03:13 208216 ----a-w- c:\windows\system32\drivers\32836484.sys

2012-11-20 02:44 . 2012-11-20 02:44 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-20 00:53 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-20 00:53 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-09 02:02 . 2012-11-20 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-09 02:02 . 2012-11-09 02:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-11-09 01:56 . 2012-11-14 01:30 -------- d-----w- c:\program files (x86)\InternetHelper1.5

2012-11-06 01:20 . 2012-11-06 01:20 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\3D5D.tmp.dat

2012-10-31 00:25 . 2012-10-31 00:25 -------- d-----w- c:\users\Administrator

2012-10-29 18:11 . 2012-10-29 18:11 -------- d-----w- c:\windows\Sun

2012-10-28 23:54 . 2012-10-28 23:54 119808 ----a-w- c:\programdata\Microsoft\Windows\DRM\4AFA.tmp.dat

2012-10-24 23:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-24 23:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-24 23:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-24 23:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-10-24 23:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-10-24 23:04 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-24 23:04 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-24 23:03 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-24 23:03 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-24 23:02 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-24 23:02 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-24 23:02 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-24 23:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-24 23:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-24 23:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-20 03:54 . 2011-01-13 01:42 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-23 00:42 . 2012-05-03 22:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-23 00:42 . 2012-03-26 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-22 19:02 . 2012-10-22 19:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-15 09:48 . 2012-10-15 09:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-05 09:32 . 2012-10-05 09:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 00:42]

.

2012-10-23 c:\windows\Tasks\HPCeeScheduleForTori.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-97252530.sys

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]

"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]

"ImagePath"="system32\drivers\ACPI.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]

"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeFlashPlayerUpdateSvc]

"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]

"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]

"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]

"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AERTFilters]

"ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility]

"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]

"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag]

"ImagePath"="system32\DRIVERS\atipmdag.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap]

"ImagePath"="system32\DRIVERS\atikmpag.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]

"ImagePath"="system32\DRIVERS\amdppm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]

"ImagePath"="system32\DRIVERS\amdsata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]

"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]

"ImagePath"="system32\DRIVERS\amdxata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]

"ImagePath"="\SystemRoot\system32\drivers\appid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]

"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]

"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]

"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]

"ImagePath"="system32\drivers\atapi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiPcie]

"ImagePath"="system32\DRIVERS\AtiPcie.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]

"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]

"ImagePath"="system32\DRIVERS\avgidsha.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]

"ImagePath"="system32\DRIVERS\avgldx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]

"ImagePath"="system32\DRIVERS\avgloga.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]

"ImagePath"="system32\DRIVERS\avgmfx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]

"ImagePath"="system32\DRIVERS\avgrkx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]

"ImagePath"="system32\DRIVERS\avgtdia.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]

"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]

"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]

"ImagePath"="system32\DRIVERS\b57nd60a.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BCM43XX]

"ImagePath"="system32\DRIVERS\bcmwl664.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC]

"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]

"ServiceDll"="%SystemRoot%\System32\bfe.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BHDrvx64]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive]

"ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser]

"ImagePath"="system32\DRIVERS\bowser.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo]

"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp]

"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP]

"ImagePath"="system32\DRIVERS\bridge.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid]

"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm]

"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm]

"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer]

"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM]

"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv]

"ServiceDll"="%SystemRoot%\system32\bthserv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme]

"ImagePath"="\??\c:\combofix\catchme.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs]

"ImagePath"="system32\DRIVERS\cdfs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]

"ImagePath"="\SystemRoot\system32\drivers\cdrom.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CinemaNow Service]

"ImagePath"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass]

"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS]

"ImagePath"="System32\CLFS.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64]

"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64]

"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt]

"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide]

"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG]

"ImagePath"="System32\Drivers\cng.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt]

"ImagePath"="system32\DRIVERS\compbatt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus]

"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk]

"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc]

"ServiceDll"="%Systemroot%\System32\defragsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache]

"ImagePath"="System32\drivers\discache.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv]

"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr]

"ImagePath"="%systemroot%\ehome\ehRecvr.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched]

"ImagePath"="%systemroot%\ehome\ehsched.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor]

"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev]

"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax]

"ImagePath"="%systemroot%\system32\fxssvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc]

"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk]

"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends]

"ImagePath"="System32\drivers\FsDepends.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol]

"ImagePath"="System32\DRIVERS\fvevol.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx]

"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir]

"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService]

"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus]

"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt]

"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth]

"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr]

"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb]

"ImagePath"="\SystemRoot\system32\drivers\hidusb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener]

"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider]

"ServiceDll"="%SystemRoot%\system32\provsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Support Assistant Service]

"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Wireless Assistant Service]

"ImagePath"="\"c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPDrvMntSvc.exe]

"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hpqwmiex]

"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD]

"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPWMISVC]

"ImagePath"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy]

"ImagePath"="System32\drivers\hwpolicy.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt]

"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV]

"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDSVia64]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\igfx]

"ImagePath"="system32\DRIVERS\igdkmd64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp]

"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RTKVHD64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide]

"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm]

"ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------


@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

.

**************************************************************************

.

Completion time: 2012-11-22 13:20:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-22 19:20

ComboFix2.txt 2012-11-20 12:19

.

Pre-Run: 245,407,170,560 bytes free

Post-Run: 245,208,252,416 bytes free

.

- - End Of File - - DC7BCB558AAE95073B8BF01CA9C0F16D


Good morning Osborne,

OK. Please try this tool below.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL logfile created on: 11/22/2012 9:28:53 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tori\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.61% Memory free

5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281.57 Gb Total Space | 225.15 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive F: | 1.92 Gb Total Space | 1.21 Gb Free Space | 63.19% Space Free | Partition Type: FAT

Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 21:26:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe

PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/11/09 14:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/06/18 17:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/06/17 10:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)

SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 18:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/11/09 14:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/29 15:09:13 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/04/26 17:10:41 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/06/17 11:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/06/17 10:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{A8B0415E-8C0A-42D5-97C9-FCD94BF2E779}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {C3B83978-82ED-403B-82FB-6BEC1FB8D718}

IE - HKCU\..\SearchScopes\{27DE9F63-90CD-4BF7-B1F3-05DCC587CA00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\..\SearchScopes\{C3B83978-82ED-403B-82FB-6BEC1FB8D718}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{DA70C85E-04DA-4636-8B11-8FCF248E78BA}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\..\SearchScopes\{FAA5CC0F-6B12-485F-945A-F4FB9ECD570B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012/06/23 17:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/28 15:45:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/05/05 20:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

O1 HOSTS File: ([2012/11/22 13:15:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934}: DhcpNameServer = 10.107.128.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDDF71EF-4778-448D-BC06-80DF65B3A25E}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/22 21:26:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe

[2012/11/22 13:36:40 | 019,637,880 | ---- | C] (Mozilla) -- C:\Users\Tori\Desktop\Firefox Setup 17.0.exe

[2012/11/22 13:20:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/22 13:15:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/11/20 06:30:35 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04695815.sys

[2012/11/20 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\Tori\Desktop\tdsskiller

[2012/11/20 06:08:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/20 06:08:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/20 06:08:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/20 06:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/20 06:08:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/20 06:06:15 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Tori\Desktop\ComboFix.exe

[2012/11/19 22:16:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Tori\Desktop\dds.scr

[2012/11/19 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Tori\AppData\Roaming\Malwarebytes

[2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/19 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/19 22:15:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/11/19 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/19 21:53:48 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/11/19 21:13:26 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys

[2012/11/19 20:44:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/11/19 18:53:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/19 18:53:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/08 20:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/11/08 20:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/11/08 19:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper1.5

[2012/11/08 18:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/10/29 12:11:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/10/29 12:00:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/10/24 17:04:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/10/24 17:04:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/10/24 17:04:11 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/10/24 17:04:11 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/10/24 17:02:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/10/24 17:02:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/11/22 21:26:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tori\Desktop\OTL.exe

[2012/11/22 21:25:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTori.job

[2012/11/22 21:25:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/22 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/22 15:13:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/22 15:13:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/22 13:37:55 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/22 13:35:14 | 019,637,880 | ---- | M] (Mozilla) -- C:\Users\Tori\Desktop\Firefox Setup 17.0.exe

[2012/11/22 13:33:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/22 13:33:58 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/22 13:33:58 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/22 13:15:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/20 06:37:53 | 000,059,147 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip

[2012/11/20 06:30:35 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\04695815.sys

[2012/11/20 06:22:22 | 000,543,531 | ---- | M] () -- C:\Users\Tori\Desktop\adwcleaner.exe

[2012/11/20 06:06:19 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Tori\Desktop\ComboFix.exe

[2012/11/19 22:26:25 | 000,425,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/19 22:16:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Tori\Desktop\dds.scr

[2012/11/19 22:15:31 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/19 21:13:26 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\32836484.sys

[2012/11/19 20:27:56 | 002,195,061 | ---- | M] () -- C:\Users\Tori\Desktop\tdsskiller.zip

[2012/11/19 19:13:00 | 245,366,635 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/19 19:02:47 | 000,000,133 | ---- | M] () -- C:\Windows\wininit.ini

[2012/11/08 20:02:39 | 000,001,242 | ---- | M] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/11/08 20:02:39 | 000,001,218 | ---- | M] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk

[2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END

[2012/11/08 18:49:28 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

========== Files Created - No Company Name ==========

[2012/11/20 06:37:53 | 000,059,147 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskillerlog.zip

[2012/11/20 06:29:59 | 002,195,061 | ---- | C] () -- C:\Users\Tori\Desktop\tdsskiller.zip

[2012/11/20 06:22:22 | 000,543,531 | ---- | C] () -- C:\Users\Tori\Desktop\adwcleaner.exe

[2012/11/20 06:08:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/20 06:08:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/20 06:08:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/20 06:08:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/20 06:08:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/11/19 22:15:31 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/19 18:26:14 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini

[2012/11/08 20:02:39 | 000,001,242 | ---- | C] () -- C:\Users\Tori\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/11/08 20:02:39 | 000,001,218 | ---- | C] () -- C:\Users\Tori\Desktop\Spybot - Search & Destroy.lnk

[2012/11/08 19:56:32 | 000,000,009 | ---- | C] () -- C:\END

[2012/11/05 18:57:06 | 245,366,635 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/10/02 17:49:23 | 000,001,854 | ---- | C] () -- C:\Users\Tori\AppData\Roaming\GhostObjGAFix.xml

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/11/20 06:22:45 | 000,006,263 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2012/11/21 06:33:34 | 000,003,174 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2012/11/22 13:20:26 | 000,066,730 | ---- | M] () -- C:\ComboFix.txt

[2012/11/08 19:56:32 | 000,000,009 | ---- | M] () -- C:\END

[2012/11/22 13:37:55 | 2210,582,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/22 13:37:55 | 2947,444,736 | -HS- | M] () -- C:\pagefile.sys

[2012/01/29 15:10:04 | 000,000,085 | ---- | M] () -- C:\SYNTPAD.LOG

[2012/11/19 20:39:50 | 000,007,102 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.39.05_log.txt

[2012/11/19 20:44:41 | 000,393,726 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.41.39_log.txt

[2012/11/19 20:46:42 | 000,005,028 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_20.46.27_log.txt

[2012/11/19 21:13:51 | 000,004,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_21.13.25_log.txt

[2012/11/19 21:18:05 | 000,398,404 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_19.11.2012_21.15.22_log.txt

[2012/11/20 06:24:45 | 000,004,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.24.31_log.txt

[2012/11/20 06:30:04 | 000,395,336 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.26.36_log.txt

[2012/11/20 06:32:14 | 000,456,196 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.30.34_log.txt

[2012/11/20 06:48:05 | 000,005,028 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_20.11.2012_06.35.05_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

< End of report >


OTL Extras logfile created on: 11/22/2012 9:28:53 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tori\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.61% Memory free

5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 281.57 Gb Total Space | 225.15 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Drive D: | 16.23 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive F: | 1.92 Gb Total Space | 1.21 Gb Free Space | 63.19% Space Free | Partition Type: FAT

Computer Name: TORI-HP | User Name: Tori | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0405261C-D4F2-4233-A20F-F78842AEB7BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{465E45A9-78B2-440B-AB01-64A16017C52A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4DA4FEA8-89D1-4FA7-B5D1-A7D793683367}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09804204-2350-455E-86DC-2FAA82565AA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{0D1D17AF-A0BD-41DE-A747-B47D143132BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{10E64BF6-71FE-4B92-BFF4-128D348F8903}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{29D7BF1B-6E51-452C-B760-2F529145FCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{3622B9D8-8BE5-4CEA-B5A8-70DF4CA3C71A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

"{36566958-5B85-4E0F-A545-EDD7D13D7B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{3960F17E-4C32-4587-94E9-F7BBB885237E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{3ACD984F-FF22-4A55-83BF-D55CBF8E37CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{3B2B585F-746C-4F32-A938-1EC841F40276}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{62AFAE04-0262-417D-BE45-436B8B57D8A3}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

"{66BDCFEF-B14F-40AD-B98D-F3A79712D708}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{74220436-65C2-4CB8-A07E-FB15FA235E41}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{777BD7A2-107F-4D48-AF0F-67F8280C605D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |

"{80391900-E59E-4645-8428-36B7FA4F9EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{82A12316-05E6-4075-9DAD-62E741E346A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{A6D8843F-8BC7-43BA-B373-7BC80949A258}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{B44A67AB-1BDB-4520-AB43-326887598381}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{B57D7162-888C-473E-A8CB-99388F02B878}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |

"{CBAF7CD0-30AE-4578-98BF-27B55BF377EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{CF60C60C-A593-438A-AB5D-CD1C03E59910}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{D649C596-E7E7-4BC0-83AC-9C44BBECCA75}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{E6534443-29CF-4DAE-8DAC-94CF5F16A975}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{F22F0AE4-879F-4B1F-92F7-2FE8A5CA706D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{FC9B6BDA-0138-45F3-A938-A7F6C13A0D50}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant

"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013

"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64

"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager

"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AVG" = AVG 2013

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai

"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish

"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional

"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation

"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish

"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework

"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light

"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English

"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All

"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish

"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch

"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian

"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/29/2012 6:30:57 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000420 Fault offset: 0x00013ce2 Faulting process id: 0xa84 Faulting application

start time: 0x01cdb601acc85b05 Faulting application path: \\.\globalroot\systemroot\svchost.exe

Faulting

module path: unknown Report Id: 4e98d8d5-2218-11e2-8342-60eb695e33d6

Error - 10/29/2012 8:12:57 PM | Computer Name = Tori-HP | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 384 Start

Time: 01cdb632c67758e9 Termination Time: 47 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id: 86e04ccd-2226-11e2-a2d0-60eb695e33d6

Error - 10/29/2012 8:21:29 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time

stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001faf9c Faulting process

id: 0x6a0 Faulting application start time: 0x01cdb626d2dbf875 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll

Report

Id: bf832081-2227-11e2-a2d0-60eb695e33d6

Error - 10/30/2012 8:23:34 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time

stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x00209661 Faulting process

id: 0xfb4 Faulting application start time: 0x01cdb6fc39cbc239 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll

Report

Id: 3480163a-22f1-11e2-a80f-60eb695e33d6

Error - 10/30/2012 8:30:31 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time

stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001faf9c Faulting process

id: 0x83c Faulting application start time: 0x01cdb6fe3169f72a Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll

Report

Id: 2cf99031-22f2-11e2-a80f-60eb695e33d6

Error - 10/30/2012 8:42:58 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process

id: 0x16f4 Faulting application start time: 0x01cdb6ff09d8c6b9 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report

Id: e9fce34c-22f3-11e2-a80f-60eb695e33d6

Error - 10/30/2012 8:57:47 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00032949 Faulting process

id: 0x48c Faulting application start time: 0x01cdb700e12127d8 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report

Id: fc294f22-22f5-11e2-a80f-60eb695e33d6

Error - 10/30/2012 9:09:11 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time

stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001faf9c Faulting process

id: 0xf10 Faulting application start time: 0x01cdb702cfb941f8 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll

Report

Id: 93df9ab4-22f7-11e2-a80f-60eb695e33d6

Error - 10/30/2012 9:54:37 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,

time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17940,

time stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001d4226 Faulting

process id: 0xd38 Faulting application start time: 0x01cdb6fc242bb11c Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\mshtml.dll Report Id: ecb38817-22fd-11e2-a80f-60eb695e33d6

Error - 10/31/2012 7:19:26 PM | Computer Name = Tori-HP | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,

time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17940,

time stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001d4226 Faulting

process id: 0xeb4 Faulting application start time: 0x01cdb7bd7fcff57d Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\mshtml.dll Report Id: 69526a34-23b1-11e2-8166-60eb695e33d6

[ Hewlett-Packard Events ]

Error - 9/16/2012 4:46:11 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 9/16/2012 4:46:26 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 9/16/2012 4:46:37 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 9/30/2012 6:01:55 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/14/2012 6:56:04 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 2810 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)

Error - 10/14/2012 6:56:07 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000

Description =

Error - 10/28/2012 5:15:57 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 10/28/2012 5:24:40 PM | Computer Name = Tori-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 11/11/2012 7:47:18 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 2810 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 11/13/2012 7:43:09 PM | Computer Name = Tori-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 2810 Ram Utilization: TargetSite: Void UpdateAndDetect()

[ HP Wireless Assistant Events ]

Error - 12/20/2010 6:40:23 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/20/2010 6:40:29 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/20/2010 6:40:34 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/20/2010 6:40:39 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.

(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean

getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String

propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 9/11/2011 7:25:04 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 1/15/2012 3:44:30 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1

radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/24/2012 12:52:36 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 10/3/2012 7:02:24 PM | Computer Name = Tori-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware

radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/5/2012 8:46:34 PM | Computer Name = Tori-HP | Source = HP WA Application | ID = 0

Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;

failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher

dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object

sender, StartupEventArgs args)

Error - 11/5/2012 8:46:38 PM | Computer Name = Tori-HP | Source = HP WA Application | ID = 0

Description = MainWindow.ShowImpl; not initialized, closing application...

[ System Events ]

Error - 11/22/2012 3:14:19 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/22/2012 3:15:27 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 11/22/2012 3:15:36 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000

Description = The HP Support Assistant Service service failed to start due to the

following error: %%31

Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000

Description = The HP Wireless Assistant Service service failed to start due to the

following error: %%31

Error - 11/22/2012 3:17:37 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7000

Description = The RtVOsdService Installer service failed to start due to the following

error: %%31

Error - 11/22/2012 3:37:02 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 11/22/2012 3:38:04 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 11/22/2012 3:38:13 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 11/22/2012 11:25:00 PM | Computer Name = Tori-HP | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the Ancillary Function

Driver for Winsock service which failed to start because of the following error:

%%1058

< End of report >


Hello Osborne,

I see you have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

Please go to Start>Control Panel> Programs>Programs and Features and uninstall the following program (if present):

  • AskBarDis

Please restart your computer after this program removal.
==========
Next, please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Finally, please re-run ComboFix.

=====

In your post please provide the following:

  • OTL fix log.
  • ComboFix.txt.

How is your internet at the moment?

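As an added check that is not part of the original thread or of OTL: the PowerShell snippet below reports whether the two Internet Explorer policy keys named in the O6 and O7 lines of the fix script exist and lists any values stored under them, so the state of those keys can be confirmed before and after the fix. The key paths are the ones from the fix script; the function name Get-IEPolicyState is my own.

```powershell
# Added example, not from the original post or from OTL. Run in an elevated
# PowerShell so both the HKLM and HKCU hives are readable.

# The two keys referenced by the O6 and O7 lines of the OTL fix script.
$policyKeys = @(
    'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions',   # O6 line
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'   # O7 line
)

function Get-IEPolicyState {
    # Helper name is my own; returns one object per key with Present/Values.
    param([string[]]$Keys)

    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) {
            # Matches what OTL reports as "Registry key ... not found."
            [pscustomobject]@{ Key = $key; Present = $false; Values = @() }
            continue
        }

        # Get-ItemProperty also returns PSPath/PSParentPath/... metadata
        # properties; drop those so only real registry values are listed.
        $props  = Get-ItemProperty -Path $key
        $values = $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { "$($_.Name) = $($_.Value)" }

        [pscustomobject]@{ Key = $key; Present = $true; Values = @($values) }
    }
}

Get-IEPolicyState -Keys $policyKeys | Format-List
```

A key that is present with lockdown values set is what the O6/O7 lines flag; a key that is absent is the expected state on a machine that has not had policy restrictions applied.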

Hey Osborne,

Please see the below link to run System Restore:

http://windows.microsoft.com/en-AU/windows7/products/features/system-restore

Please choose a point before you ran ComboFix the first time. Let me know if the internet is still an issue.

Link to post
Share on other sites

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Tori

->Temp folder emptied: 16027337 bytes

->Temporary Internet Files folder emptied: 159191783 bytes

->Java cache emptied: 121453223 bytes

->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 14873308 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 297.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11242012_091852

Files\Folders moved on Reboot...

C:\Users\Tori\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Tori\AppData\Local\Temp\~DF3CB14A816DE59A05.TMP not found!

File\Folder C:\Users\Tori\AppData\Local\Temp\~DF609B28502E5FC1E7.TMP not found!

File\Folder C:\Users\Tori\AppData\Local\Temp\~DF8B97EB5F5D57F59C.TMP not found!

File\Folder C:\Users\Tori\AppData\Local\Temp\~DF9870E9BBBF0E8CDB.TMP not found!

File\Folder C:\Users\Tori\AppData\Local\Temp\~DFB10E5A5979265E93.TMP not found!

File\Folder C:\Users\Tori\AppData\Local\Temp\~DFDF0CD20025D01F69.TMP not found!

C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVQDQYSV\index[2].htm moved successfully.

C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVQDQYSV\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\99R4INPC\fastbutton[2].htm moved successfully.

C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\Tori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Not sure I ran this correctly. Internet is working properly from what I can tell and this thing seems to be in working order in other areas too.

