cushdaddy Posted July 24, 2013 ID:706833

Hello,

This is the first time I have ever used a forum to resolve a problem so I appreciate any help you can provide. I use Chrome and when directing the browser to Facebook I notice a little bar in the bottom left hand corner that says...waiting for install.adurr.com. The screen then freezes up and eventually allows me to log into Facebook. I also have a pop up called lnksr, as well as a video advertisement that pops up in the bottom right corner of the screen that has the words arcadecandy advertisement on it. So as you can see, I have several malware/spyware issues to deal with. The only program I run to protect my computer is Avast anti virus which obviously isn't enough. My operating system is Windows Vista.

One other note is just recently, while viewing pictures on FB I have clicked on from friends, a warning shows up to the right of the picture in the area where the names and thread show up and says your computer is infected. Of course I am not going to click on it, but I don't know what malicious software is causing that issue. So please, any help you can provide is very much appreciated. I did see the thread on the lnksr malware and intend on following the instructions you provided to that forum member.

Thanks again
Bob
Staff CatByte Posted July 24, 2013 ID:706840

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Root Admin AdvancedSetup Posted July 27, 2013 ID:707670

Are you still with us?
Root Admin AdvancedSetup Posted July 30, 2013 ID:708754

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
Root Admin AdvancedSetup Posted August 2, 2013 ID:710310

Topic reopened per user request
cushdaddy Posted August 2, 2013 Author ID:710329

Thank you. I have sent a PM to the moderator concerning some steps before I install the farbar recovery tool. Just making sure the file I am about to click on is the right one. After I go to the redirected website http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and click on download I get the setup.exe file which once I click on that the next file showing is setA9B5.tmp from Ironinstall. Is that the correct file? I am so suspicious any more about downloading so just want to make sure.

Thanks
Bob "Cushdaddy"
Root Admin AdvancedSetup Posted August 3, 2013 ID:710376

There is no setup.exe file so whatever you downloaded is not the correct file, please do not run it. There should be a blue button for the FRST download.

For the 32-bit version it is named: FRST.exe
For the 64-bit version it is named: FRST64.exe
Staff CatByte Posted August 3, 2013 ID:710437

Hello cushdaddy,

I have responded to your PM with the correct information. Please delete the file that you have downloaded and download either FRST.exe or FRST64.exe depending on your system. As Advanced Setup has said, there is no setup.exe file in FRST.
cushdaddy Posted August 3, 2013 Author ID:710658

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01
Ran by Nerissa Fox (administrator) on 03-08-2013 12:27:22
Running from C:\Users\Nerissa Fox\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\system32\dlbucoms.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(MyWebSearch.com) C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Plaxo, Inc.) C:\Users\Nerissa Fox\AppData\Local\Plaxo\3.34.0.3\PlaxoHelper_en.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
(OTi) C:\Windows\system32\UStorSrv.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-14] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2006-11-06] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [MyWebSearch Plugin] - rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF [x]
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [24688 2009-09-10] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-09-10] (MyWebSearch.com)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [startNowToolbarHelper] - "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-09-27] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [PlaxoUpdate] - C:\Users\Nerissa Fox\AppData\Local\Plaxo\3.34.0.3\PlaxoHelper_en.exe [2074512 2012-03-21] (Plaxo, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-06] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-07-14] (Google Inc.)
HKCU\...\Run: [PlaxoSysTray] - C:\Users\Nerissa Fox\AppData\Local\Plaxo\3.34.0.3\PlaxoSysTray.exe [16272 2012-03-21] (Plaxo, Inc.)
HKCU\...\Run: [YouSendIt.exe] - C:\Program Files\YouSendIt\Express\YouSendIt.exe -ui none [x]
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKCU\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2387968 2009-02-25] (Hewlett-Packard Company)
HKCU\...\Run: [DW6] - "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKCU\...\Run: [DW7] - "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [x]
HKCU\...\Run: [startNow Search Protect] - C:\Program Files\StartNow Toolbar\search_protect.exe [1352048 2012-09-06] ()
HKCU\...\Run: [GoogleChromeAutoLaunch_EA34B6748793C437CD41AF98000B70F2] - C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-24] (Google Inc.)
MountPoints2: {bcea9d67-59cf-11de-a006-001636e02bca} - uxkl0apt.bat
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
Startup: C:\Users\Nerissa Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=APN10703&gct=hp&apn_ptnrs=^ASF&apn_dtid=^YYYYYY^YY^US&p2=^ASF^YYYYYY^YY^US&tpid=ASI-SAT&apn_dbr=cr_24.0.1312.56
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={7E1A47AE-EFFA-11E2-933B-001636E02BCA}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60468
URLSearchHook: (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E1A47AE-EFFA-11E2-933B-001636E02BCA}
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=RGxdm023VRUS&fl=0&ptb=0lI8WglNW0frrIGjSoNqnA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}&si=42763
SearchScopes: HKLM - {6A263946-6A77-41FF-BB84-60B5D1E14914} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKLM - {93C55396-0D8E-4C41-A983-22835AF7BE18} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNUS7
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={7E1A47AE-EFFA-11E2-933B-001636E02BCA}
SearchScopes: HKCU - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=RGxdm023VRUS&fl=0&ptb=0lI8WglNW0frrIGjSoNqnA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}&si=42763
SearchScopes: HKCU - {0F68589B-6781-4A35-975D-BEC950387439} URL = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=&apn_ptnrs=L6&apn_dtid=YYYYYYUXUS&apn_uid=7d904b3a-eabd-45f2-80b8-f02c9f38c74c&apn_sauid=3BFA2D7C-03AD-4272-8527-6181362D8F48
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60468
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=RGxdm023VRUS&fl=0&ptb=0lI8WglNW0frrIGjSoNqnA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}&si=42763
SearchScopes: HKCU - {6294E6E6-04B2-4E27-8CD6-65433324A509} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKCU - {6A263946-6A77-41FF-BB84-60B5D1E14914} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKCU - {8BBA2394-9677-42F8-9DCC-F6B2A3504311} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {93C55396-0D8E-4C41-A983-22835AF7BE18} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNUS7
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={37BA374C-A140-44EB-BC6E-8751C2FB9FB3}&mid=626021200fcc47d6b4f4d15f7004c239-468d96e1cdef74691a11d8cb5d424d5dc7591a60&lang=en&ds=AVG&pr=fr&d=2012-10-15 13:17:03&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130308&user_guid=4B0B74820C33424C96460834FE46F6D5&machine_id=1093c67c477559e694c6daea3ebd8726&browser=IE&os=win&os_version=6.0-x86-SP2&iesrc={referrer:source}
SearchScopes: HKCU - {B0D577F3-B056-4564-8EE6-2CDD68575B96} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {C0CF4946-3B2C-4710-B67E-E992C2E9967A} URL = http://www.godaddy.com/gdshop/registrar/search.asp?isc=iesearch7&checkavail=1&domaintocheck={searchTerms}
SearchScopes: HKCU - {CE2E36EF-A2C6-4E33-8C7C-4F902720C750} URL = http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {D92FE817-98C6-42F1-819E-200E0AD89E39} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {E163AE6E-254C-5FF4-BE33-4CBD31D63F5C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z125&form=ZGAIDF&install_date=20110913&iesrc={referrer:source}
SearchScopes: HKCU - {E98B545E-2F51-450C-8796-84EF316F9CA5} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={7E1A47AE-EFFA-11E2-933B-001636E02BCA}&crg=3.5000006.10045&st=23
BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
BHO: No Name - {2BE2A0D3-38C9-4D5A-81A4-6EC75AEEDC30} - No File
BHO: No Name - {2DAF6EF2-10C0-4F08-B074-BD67B1A0F724} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: SelectionLinks - {6B5B6E59-9610-49BF-B848-737E318DF26E} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8B57CAC2-640F-4FBC-B8E4-589DEBD45F18} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: ArcadeCandy Games - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Nerissa Fox\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
BHO: Arcadesafari BHO - {adff4c9a-4f49-4a1f-8885-360e107b7938} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Dogpile Bundle Toolbar BHO - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: No Name - {DB058A19-2CB5-4212-BAFF-28C4EB1CDB22} - No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - No File
BHO: No Name - {E73A2FFC-52CD-4298-B3D0-98B4A1D65C94} - No File
BHO: No Name - {ECF39770-ABCF-4A51-BF9A-8E995DCD54F3} - No File
BHO: No Name - {F853754E-EB1B-440E-8EF5-44E5C3E68797} - No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU -My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
Toolbar: HKCU -No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
Toolbar: HKCU -No Name - {4153492D-5341-5400-76A7-7A786E7484D7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (PalmSource Package Installer) - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Nerissa Fox\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Drive) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: () - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmeemomfelpigklppifflheakfpkfjjg\background.html
CHR Extension: (StartNow) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Select Links App) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccomdojgkmckbmecenojfkiedfkfdob\4.3_0
CHR Extension: (AVG Secure Search) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0
CHR Extension: (Ziftr Alerts - formerly FreePriceAlerts.com) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl\3.1_0
CHR Extension: (ArcadeCandy Games) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.30.455_0
CHR Extension: (Gmail) - C:\Users\NERISS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaonkdgfnbiijefodhhpdilffkbbmg] - C:\Users\Nerissa Fox\AppData\Local\APN\GoogleCRXs\aaaaonkdgfnbiijefodhhpdilffkbbmg_7.15.4.0.crx
CHR HKLM\...\Chrome\Extension: [eajkbpchnjjpgpgpmmpadhknfkfcodnh] - C:\Program Files\GamingWonderland Chrome Extension\bar\GamingWonderland@mindspark.com
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lccomdojgkmckbmecenojfkiedfkfdob] - C:\Program Files\OApps\chrome-sl.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
CHR HKLM\...\Chrome\Extension: [ngoiabglmnijabkfknliolcbjfcmbmdl] - C:\ProgramData\FreePriceAlerts\Chrome\FreePriceAlerts.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Nerissa Fox\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 dlbu_device; C:\Windows\system32\dlbucoms.exe [538096 2007-02-28] ( )
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 MSSQL$ACT7; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [28762 2009-09-10] (MyWebSearch.com)
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
R2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()
R2 UStorage Server Service; C:\Windows\system32\UStorSrv.exe [139264 2004-12-01] (OTi)
R2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R0 AFS; C:\Windows\System32\Drivers\AFS.sys [79052 2007-05-31] (Oak Technology Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-07-29] (AVG Technologies)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-18] (Microsoft Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [148992 2006-12-12] (Conexant Systems Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\NERISS~1\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x]
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [x]
S3 UIUSys; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-03 12:27 - 2013-08-03 12:27 - 00000000 ___DC C:\FRST
2013-08-03 12:23 - 2013-08-03 12:23 - 01222124 _____ (Farbar) C:\Users\Nerissa Fox\Downloads\FRST.exe
2013-08-02 15:16 - 2013-08-02 15:16 - 00000906 _____ C:\Users\Nerissa Fox\Desktop\Continue Download Helper Installation.lnk
2013-07-24 21:16 -
2013-07-26 13:12 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForNerissa Fox.job2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys2013-07-19 13:36 - 2013-07-19 13:35 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2013-07-19 13:36 - 2013-07-19 13:35 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2013-07-19 13:36 - 2013-07-19 13:35 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2013-07-18 16:08 - 2013-07-18 16:08 - 00000094 _____ C:\Windows\family.ini2013-07-18 16:08 - 2013-07-18 16:08 - 00000000 ____D C:\Users\Nerissa Fox\AppData\Roaming\HotSync2013-07-18 15:41 - 2013-07-18 15:41 - 00000000 ____D C:\Users\Nerissa Fox\AppData\Roaming\SuperAdBlocker.com2013-07-18 15:37 - 2011-05-13 16:17 - 00632656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll2013-07-18 15:37 - 2011-05-13 16:17 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll2013-07-18 15:37 - 2011-05-13 16:17 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll2013-07-18 15:37 - 2011-05-13 07:59 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest2013-07-16 18:56 - 2013-07-16 18:56 - 00000871 _____ C:\Users\Nerissa Fox\Desktop\Picture Resize.lnk2013-07-16 18:56 - 2013-07-16 18:56 - 00000000 ____D C:\Users\Nerissa Fox\AppData\Roaming\Bidgood Svcs2013-07-16 18:56 - 2013-07-16 18:56 - 00000000 ____D C:\Program Files\Picture Resize2013-07-16 18:56 - 2004-03-09 00:00 - 00212240 _____ (Microsoft Corporation) 
C:\Windows\system32\richtx32.ocx2013-07-16 18:56 - 1998-06-24 03:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\msmapi32.ocx2013-07-10 01:32 - 2013-07-10 01:32 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys ==================== One Month Modified Files and Folders ======= 2013-08-03 12:27 - 2013-08-03 12:27 - 00000000 ___DC C:\FRST2013-08-03 12:23 - 2013-08-03 12:23 - 01222124 _____ (Farbar) C:\Users\Nerissa Fox\Downloads\FRST.exe2013-08-03 12:17 - 2012-03-29 10:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-03 12:14 - 2007-03-17 13:25 - 01573760 _____ C:\Windows\WindowsUpdate.log2013-08-03 12:10 - 2011-01-06 09:26 - 00000000 ____D C:\ProgramData\MFAData2013-08-03 12:08 - 2012-04-26 08:00 - 00000000 ___SD C:\Users\Nerissa Fox\Google Drive2013-08-03 12:05 - 2007-04-05 17:13 - 00000000 ____D C:\Users\NERISS~1\AppData\Local\Plaxo2013-08-03 12:03 - 2013-06-07 13:57 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job2013-08-03 12:03 - 2013-06-02 18:43 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2013-08-03 12:03 - 2010-01-29 12:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-03 12:03 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-03 12:03 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-08-03 12:03 - 2006-11-02 05:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-08-02 22:54 - 2006-12-17 21:05 - 00000012 _____ C:\Windows\bthservsdp.dat2013-08-02 22:54 - 2006-11-02 06:01 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-08-02 22:25 - 2012-12-08 22:28 - 00000294 _____ C:\Windows\Tasks\CandyUpdater.job2013-08-02 21:57 - 2010-01-29 12:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-02 21:57 - 
2009-07-01 01:02 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000UA.job2013-08-02 20:49 - 2013-01-30 21:08 - 00000500 _____ C:\Windows\Tasks\Arcadesafari.job2013-08-02 15:16 - 2013-08-02 15:16 - 00000906 _____ C:\Users\Nerissa Fox\Desktop\Continue Download Helper Installation.lnk2013-08-02 14:59 - 2011-01-04 10:35 - 00000820 _____ C:\Windows\Tasks\Google Software Updater.job2013-08-02 13:45 - 2007-03-22 16:22 - 00003766 ___SH C:\Windows\system32\KGyGaAvL.sys2013-08-02 12:57 - 2009-07-01 01:02 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000Core.job2013-08-01 21:40 - 2009-01-06 11:53 - 00002072 _____ C:\Users\Nerissa Fox\Desktop\Google Chrome.lnk2013-08-01 14:04 - 2007-03-21 17:17 - 00002627 _____ C:\Users\Nerissa Fox\Desktop\Microsoft Office Word 2007.lnk2013-07-31 19:52 - 2009-01-13 13:03 - 00000052 _____ C:\Windows\system32\DOErrors.log2013-07-31 15:05 - 2011-11-17 21:19 - 00002555 _____ C:\Users\Nerissa Fox\Desktop\Microsoft Office Publisher.lnk2013-07-30 12:48 - 2012-10-15 13:17 - 00000798 _____ C:\Users\Public\Desktop\AVG 2013.lnk2013-07-29 12:35 - 2011-11-09 11:25 - 00000000 ____D C:\Windows\system32\cache2013-07-29 12:34 - 2012-10-15 13:16 - 00000000 ____D C:\Program Files\AVG Secure Search2013-07-29 12:34 - 2012-07-21 10:19 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys2013-07-26 13:12 - 2013-07-24 21:16 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForNerissa Fox.job2013-07-24 21:46 - 2007-03-17 21:39 - 00000000 ____D C:\Users\Nerissa Fox2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgldx86.sys2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys2013-07-19 14:19 - 2007-04-02 05:53 - 00000000 ____D C:\Users\NERISS~1\AppData\Local\Google2013-07-19 13:35 - 2013-07-19 13:36 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2013-07-19 13:35 - 2013-07-19 13:36 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2013-07-19 13:35 - 2013-07-19 13:36 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2013-07-19 13:35 - 2012-06-27 11:36 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll2013-07-19 13:35 - 2010-04-16 11:48 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll2013-07-19 13:35 - 2006-12-17 22:26 - 00000000 ____D C:\Program Files\Java2013-07-18 16:10 - 2008-11-21 15:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard2013-07-18 16:08 - 2013-07-18 16:08 - 00000094 _____ C:\Windows\family.ini2013-07-18 16:08 - 2013-07-18 16:08 - 00000000 ____D C:\Users\Nerissa Fox\AppData\Roaming\HotSync2013-07-18 15:41 - 2013-07-18 15:41 - 00000000 ____D C:\Users\Nerissa Fox\AppData\Roaming\SuperAdBlocker.com2013-07-18 15:33 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Resources2013-07-16 18:56 - 2013-07-16 18:56 - 00000871 _____ C:\Users\Nerissa Fox\Desktop\Picture Resize.lnk2013-07-16 18:56 - 2013-07-16 18:56 - 00000000 ____D C:\Users\Nerissa Fox\AppData\Roaming\Bidgood Svcs2013-07-16 18:56 - 2013-07-16 18:56 - 00000000 ____D C:\Program Files\Picture Resize2013-07-11 16:32 - 2007-03-21 17:17 - 00002585 _____ C:\Users\Nerissa Fox\Desktop\Microsoft Office Excel 2007.lnk2013-07-10 01:32 - 2013-07-10 01:32 - 00039224 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx86.sys
2013-07-09 13:42 - 2012-07-19 20:19 - 00000000 ____D C:\Users\NERISS~1\AppData\Local\ArcadeCandy
2013-07-04 10:00 - 2007-09-19 20:22 - 00000000 ____D C:\Users\Nerissa Fox\Documents\Personal

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-03 12:16

==================== End Of Log ============================
cushdaddy Posted August 3, 2013 Author ID:710659

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-08-2013 01
Ran by Nerissa Fox at 2013-08-03 12:33:51
Running from C:\Users\Nerissa Fox\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
ACT! (Version: 9.1.0.0000)
ACT! by Sage (Version: 9.1.0.0000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
ArcadeCandy (HKCU Version: ac 1.24.366)
Arcadesafari
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (HKCU Version: 1.2.2.23821)
ASL_HS_Installer32 (Version: 1.0.9)
Avery Template (Version: 2.0.0.0)
Avery Wizard 4.0 (Version: 4.0.103)
AVG 2013 (Version: 13.0.3209)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
AVG Security Toolbar (Version: 15.4.0.5)
Azureus Vuze
Bejeweled 2 Deluxe (remove only)
Bejeweled 2 Deluxe 1.1
Bejeweled 3
Bonjour (Version: 2.0.5.0)
Bookworm Adventures Deluxe 1.0
Bricks Of Egypt (remove only)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.102.15.61)
Byki (Version: 4.0)
Byki Express
Conexant HD Audio
Coupon Printer for Windows (Version: 4.0)
Dogpile Bundle Toolbar (Version: 1.514)
Dropbox (HKCU Version: 1.2.49)
ebgcInfra (Version: 1.1.0)
ebgcRes (Version: 1.0.0)
ebgcSDK (Version: 1.0.0)
Free Picture Resize Starter 4.5 (Version: 5.5.18)
FreePriceAlerts 2.3.5 (Version: 2.3.5)
GamingWonderland Toolbar Chrome Extension
GIMP 2.6.7
Google Chrome (HKCU Version: 28.0.1500.95)
Google Drive (Version: 1.10.4769.632)
Google Earth (Version: 4.3.7284.3916)
Google Earth Plug-in (Version: 5.2.0.5932)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)
GoView (Version: 1.0.71)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Connections (remove only)
HP Customer Experience Enhancements (Version: 1.00.0000)
HP Easy Setup - Core (Version: 1.00.0000)
HP Easy Setup - Frontend (Version: 5.00.0000)
HP Help and Support (Version: 1.0.0)
HP Quick Launch Buttons 6.10 B9 (Version: 6.10 B9)
HP QuickPlay 3.6
HP Total Care Advisor (Version: 1.0.94)
HP Update (Version: 5.003.001.001)
HP User Guide 0048 (Version: 1.02.0001)
HP Wireless Assistant (Version: 3.00 H3)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
Image Resizer for Windows (Version: 3.0.4442.6002)
Imation Disk Manager II Service
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.2.2.14)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java 6 Update 3 (Version: 1.6.0.30)
Java 6 Update 33 (Version: 6.0.330)
Java 6 Update 5 (Version: 1.6.0.50)
Java 6 Update 7 (Version: 1.6.0.70)
Java SE Runtime Environment 6 (Version: 1.6.0.0)
Jewel Quest Mysteries - Curse of the Emerald Tear (remove only)
LightScribe System Software (Version: 1.18.2.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.128)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 5.0 (Version: 5.00.050)
My HP Games (Version: HPLAP0304)
My Web Search (Retrogamer)
Nero 8 Essentials (Version: 8.3.569)
neroxml (Version: 1.0.0)
Next Generation Visualisations (Version: 1.0.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Palm Outlook Conduits Updater (Version: 1.00.0000)
Picasa 3 (Version: 3.9)
Plaxo Toolbar for Windows
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Rhapsody Player Engine (Version: 1.1.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Basic v9 (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator EasyArchive (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Roxio MyDVD Basic v9 (Version: 9.0.114)
Scrabble (remove only)
SelectionLinks (Version: 1.0)
SkillRide Game Client (Version: 1.2.26)
Skype™ 3.5 (Version: 3.5.214)
Sonic Activation Module (Version: 1.0)
Sprint Digital Lounge
StartNow Toolbar (Version: 2.5.0)
Synaptics Pointing Device Driver (Version: 9.0.1.5)
The Weather Channel App
Times Reader (Version: 2.054)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
WebEx
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WriteExpress 4,001 Business, Sales & Personal Letters (Version: 6.3)
Xvid 1.2.2 final uninstall (Version: 1.2)
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe 1.0
Zuma's Revenge!
==================== Restore Points ========================= 01-08-2013 00:26:19 Scheduled Checkpoint01-08-2013 21:43:14 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {107FEA1A-8285-4BDE-8981-73AC78644511} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {130D7BF8-D33F-4A95-AB6A-54ADF2F2F979} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000Core => C:\Users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-06] (Google Inc.)Task: {196DF905-5D03-4153-A369-81BC4AD0CA08} - System32\Tasks\User_Feed_Synchronization-{F6C9AEA3-719C-491D-980D-841B4110F875} => C:\Windows\system32\msfeedssync.exe [2011-04-03] (Microsoft Corporation)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {309654BD-93F1-4AC0-BE6F-E0C08AEDB06E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {3C1D028D-106F-464B-9DFC-702EA2DED2C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000UA => C:\Users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-06] (Google Inc.)Task: {3E77BD0B-096F-4821-8D85-11931C520FDD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3644431488-1808320650-4190770662-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: {413A0041-1C70-4B4B-885F-03F05E68D9A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - 
System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)Task: {4EBD0E8F-BC11-48D9-95DC-F71899430C86} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)Task: {54448215-5EF4-4AEE-9941-069BEBC6CA9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {658A1CE7-DF7E-4E1C-B7A8-7651AC39C71F} - System32\Tasks\HPCeeScheduleForNerissa Fox => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-10-30] (Hewlett-Packard)Task: {67B28DAF-A881-4E79-94F0-E59CDA48E40A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{31577E00-60B6-4877-98B4-C346BF6DEE0E}.exe No FileTask: {7BDE5A26-C42C-437F-A836-6F378AA72E73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)Task: {8C0A61D9-4C32-42EB-928A-F9FA8E8839A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)Task: {8E8C8FBC-4D45-4F94-85E0-9B7A6F234E90} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)Task: {98374749-F3F0-4BDE-AA0F-E287AA72E807} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{F67E94B6-283A-4239-B0AD-9DCD3F557C46}.exe No FileTask: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)Task: {B1425201-75A1-4B06-AA41-75790834E9BD} - System32\Tasks\CandyUpdater => C:\Users\Nerissa Fox\AppData\Local\ArcadeCandy\candyUpdater.exe [2013-07-09] ()Task: {C3D86492-D2AE-4D22-940D-D69F47BD9BB0} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health 
Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)Task: {CAFA2A27-E2D8-463D-88B0-2F39FBA03902} - System32\Tasks\Arcadesafari => C:\Users\Nerissa Fox\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe No FileTask: {D3751BDF-1D1E-4BBB-827B-7D88980DF822} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3644431488-1808320650-4190770662-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: {DE679406-D8F2-4756-B2E2-A78B700D38F9} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)Task: {E1B35E0C-5826-4F4A-9234-91939C7038D2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] ()Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()Task: {F421395F-7FF9-4339-8EA1-63DA2603B435} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-10] (Google)Task: {F95FBD79-7993-46C1-BCFD-5F37E7B19BA8} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Arcadesafari.job => C:\Users\Nerissa Fox\AppData\Local\Arcadesafari\ArcadesafariUpdater.exeTask: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{31577E00-60B6-4877-98B4-C346BF6DEE0E}.exeTask: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F67E94B6-283A-4239-B0AD-9DCD3F557C46}.exeTask: C:\Windows\Tasks\CandyUpdater.job => C:\Users\Nerissa Fox\AppData\Local\ArcadeCandy\candyUpdater.exeTask: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google 
Updater\GoogleUpdaterService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000Core.job => C:\Users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000UA.job => C:\Users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForNerissa Fox.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe ==================== Faulty Device Manager Devices ============= Name: Optiarc DVD RW AD-7530A ATA DeviceDescription: CD-ROM DriveClass Guid: {4d36e965-e325-11ce-bfc1-08002be10318}Manufacturer: (Standard CD-ROM drives)Service: cdromProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors:==================Error: (08/03/2013 00:06:08 PM) (Source: Application Error) (User: )Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000096, fault offset 0x02020202,process id 0xdd4, application start time 0xNMIndexStoreSvr.exe0. Error: (08/01/2013 00:40:43 PM) (Source: Application Error) (User: )Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02020202,process id 0xdc0, application start time 0xNMIndexStoreSvr.exe0. 
Error: (07/31/2013 00:22:04 PM) (Source: Application Error) (User: )
Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x07070707,process id 0x9fc, application start time 0xNMIndexStoreSvr.exe0.

Error: (07/29/2013 10:29:39 PM) (Source: Application Error) (User: )
Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02020202,process id 0xd20, application start time 0xNMIndexStoreSvr.exe0.

Error: (07/29/2013 00:32:28 PM) (Source: Application Error) (User: )
Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, exception code 0xc0000409, fault offset 0x001100a2,process id 0xe84, application start time 0xNMIndexStoreSvr.exe0.

Error: (07/27/2013 04:19:21 AM) (Source: Application Error) (User: )
Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x07070707,process id 0xd54, application start time 0xNMIndexStoreSvr.exe0.

Error: (07/25/2013 03:34:54 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 804
Start Time: 01ce882e5bd00c4f
Termination Time: 0

Error: (07/22/2013 09:23:58 AM) (Source: Application Error) (User: )
Description: Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp 0x4549b3c7, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x00048762,process id 0xc04, application start time 0xregsvr32.exe0.

Error: (07/19/2013 02:32:31 PM) (Source: Application Error) (User: )
Description: Faulting application NMIndexStoreSvr.exe, version 3.3.8.0, time stamp 0x4860cce5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02020202,process id 0xedc, application start time 0xNMIndexStoreSvr.exe0.

Error: (07/19/2013 02:01:20 PM) (Source: MsiInstaller) (User: Foxy)
Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: Google Chrome

System errors:
=============
Error: (08/03/2013 00:04:39 PM) (Source: Service Control Manager) (User: )
Description: SABKUTIL

Error: (08/03/2013 00:04:39 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/02/2013 10:54:14 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (08/01/2013 00:38:54 PM) (Source: Service Control Manager) (User: )
Description: SABKUTIL

Error: (08/01/2013 00:38:54 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/31/2013 10:57:46 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (07/31/2013 00:23:08 PM) (Source: Service Control Manager) (User: )
Description: SABKUTIL

Error: (07/31/2013 00:23:08 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)QuickPlay Background Capture Service (QBCS)%%1070

Error: (07/31/2013 00:23:08 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Background Capture Service (QBCS)

Error: (07/31/2013 00:20:53 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================
Error: (11/23/2011 03:40:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4226 seconds with 420 seconds of active time. This session ended with a crash.

Error: (01/11/2011 02:02:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 136 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/13/2010 10:46:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 282 seconds with 240 seconds of active time. This session ended with a crash.

Error: (07/30/2010 02:14:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 145 seconds with 120 seconds of active time. This session ended with a crash.

Error: (07/28/2010 00:44:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 533 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/19/2010 11:51:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/13/2010 10:19:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/03/2010 06:31:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/21/2010 04:34:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 277 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/15/2010 04:19:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1629 seconds with 540 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-08-03 12:29:58.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:58.652
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:58.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:58.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:57.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:57.497
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:57.205
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:56.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:56.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-03 12:29:56.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 81%
Total physical RAM: 1525.31 MB
Available physical RAM: 278.32 MB
Total Pagefile: 3314.43 MB
Available Pagefile: 1627.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.24 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:105.23 GB) (Free:2.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.56 GB) (Free:6.49 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 6125DB67)
Partition 1: (Active) - (Size=105 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Staff CatByte Posted August 3, 2013 Staff ID:710719

Hello

Please do the following:

Download the attached fixlist.txt file and save it to C:\Users\Nerissa Fox\Downloads

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

FixList.txt

NEXT

Refer to the ComboFix User's Guide

Download ComboFix from the following location: Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
cushdaddy Posted August 5, 2013 Author ID:711319

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-08-2013 01
Ran by Nerissa Fox at 2013-08-05 13:56:51 Run:1
Running from C:\Users\Nerissa Fox\Downloads
Boot Mode: Normal

==============================================

The system needs a manual reboot.

==== End of Fixlog ====
cushdaddy Posted August 5, 2013 Author ID:711340

ComboFix 13-08-05.03 - Nerissa Fox 08/05/2013 14:15:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.612 [GMT -7:00]
Running from: c:\users\Nerissa Fox\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))
.
.
2013-08-05 21:42 .
2013-08-05 21:42 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-08-05 21:42 . 2013-08-05 21:42 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-08-05 21:42 . 2013-08-05 21:42 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-08-05 21:42 . 2013-08-05 21:42 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-08-05 21:42 . 2013-08-05 21:42 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-08-05 21:42 . 2013-08-05 21:42 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-08-05 21:42 . 2013-08-05 21:42 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-08-05 21:42 . 2013-08-05 21:42 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-08-05 21:42 . 2013-08-05 21:42 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-08-05 21:42 . 2013-08-05 21:42 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-08-05 21:42 . 2013-08-05 21:42 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-08-05 21:42 . 2013-08-05 21:42 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-08-05 21:41 . 2013-08-05 21:41 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-08-05 21:41 . 2013-08-05 21:41 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-08-05 21:41 . 2013-08-05 21:41 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-08-05 21:41 . 2013-08-05 21:41 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-08-05 21:41 . 2013-08-05 21:41 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-08-05 21:37 . 2013-08-05 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-03 19:27 . 2013-08-05 20:56 -------- dc----w- C:\FRST
2013-07-20 08:51 . 2013-07-20 08:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 08:50 . 2013-07-20 08:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 08:50 . 2013-07-20 08:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 08:50 . 2013-07-20 08:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-18 23:08 . 2013-07-18 23:08 -------- d-----w- c:\users\Nerissa Fox\AppData\Roaming\HotSync
2013-07-18 22:41 . 2013-07-18 22:41 -------- d-----w- c:\users\Nerissa Fox\AppData\Roaming\SuperAdBlocker.com
2013-07-18 22:37 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-07-18 22:37 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-18 22:37 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-07-17 01:56 . 1998-06-24 10:00 137000 ----a-w- c:\windows\system32\msmapi32.ocx
2013-07-17 01:56 . 2013-07-17 01:56 -------- d-----w- c:\program files\Picture Resize
2013-07-17 01:56 . 2013-07-17 01:56 -------- d-----w- c:\users\Nerissa Fox\AppData\Roaming\Bidgood Svcs
2013-07-17 01:54 . 2013-08-05 21:35 -------- d-----w- c:\program files\OApps
2013-07-10 08:32 . 2013-07-10 08:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 19:34 . 2012-07-21 17:19 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-19 20:35 . 2013-07-19 20:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-19 20:35 . 2012-06-27 18:36 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-19 20:35 . 2010-04-16 18:48 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-01 08:45 . 2013-07-01 08:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-11 23:17 . 2012-03-29 17:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:17 . 2011-05-18 16:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-07-29 19:34 3086512 ----a-w- c:\program files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2012-12-09 05:29 1624576 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll" [2013-07-29 3086512]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2012-12-09 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2012-12-09 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nerissa Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nerissa Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nerissa Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Nerissa Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
c:\users\Nerissa Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 [2010-7-29 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-03-28 16:38 1015808 ------w- c:\program files\ACT\ACT for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-03-28 16:43 9728 ------w- c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-27 18:08 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 18:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-03 18:35 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:17]
.
2013-08-05 c:\windows\Tasks\CandyUpdater.job
- c:\users\Nerissa Fox\AppData\Local\ArcadeCandy\candyUpdater.exe [2013-08-05 20:25]
.
2013-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-27 22:42]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:08]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:08]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000Core.job
- c:\users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-06 18:51]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3644431488-1808320650-4190770662-1000UA.job
- c:\users\Nerissa Fox\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-06 18:51]
.
2013-07-26 c:\windows\Tasks\HPCeeScheduleForNerissa Fox.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: riverspiritbrewing.com\www
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
MSConfigStartUp-PlaxoSysTray - c:\users\Nerissa Fox\AppData\Local\Plaxo\3.28.0.11\PlaxoSysTray.exe
AddRemove-Bricks Of Egypt - c:\program files\Yahoo! Games\Bricks Of Egypt\Uninstall.exe
AddRemove-Imation Disk Manager II Service - c:\users\NERISS~1\AppData\Local\Temp\Imation Disk Manager II.exe
AddRemove-Scrabble - c:\users\Nerissa Fox\Desktop\Scrabble\Uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-The Weather Channel App - c:\program files\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-05 14:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
cushdaddy Posted August 5, 2013 Author ID:711341
Files\LightScribe\LSSrvc.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]"ImagePath"="system32\DRIVERS\lltdio.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]"ImagePath"="\SystemRoot\system32\drivers\luafv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc]"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mdmxsdk]"ImagePath"="system32\DRIVERS\mdmxsdk.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]"ImagePath"="\SystemRoot\system32\drivers\megasas.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Microsoft Office Groove Audit Service]"ImagePath"="\"c:\program files\Microsoft 
Office\Office12\GrooveAuditService.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]"ServiceDll"="%SystemRoot%\system32\mmcss.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]"ImagePath"="system32\drivers\modem.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]"ImagePath"="system32\DRIVERS\monitor.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]"ImagePath"="system32\DRIVERS\mouclass.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]"ImagePath"="system32\DRIVERS\mouhid.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]"ImagePath"="System32\drivers\mountmgr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]"ImagePath"="\SystemRoot\system32\drivers\mpio.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]"ImagePath"="System32\drivers\mpsdrv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]"ServiceDll"="%SystemRoot%\system32\mpssvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]"ImagePath"="system32\DRIVERS\mrxsmb.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]"ImagePath"="system32\DRIVERS\mrxsmb10.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]"ImagePath"="system32\DRIVERS\mrxsmb20.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]"ImagePath"="system32\drivers\msahci.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]"ImagePath"="%SystemRoot%\System32\msdtc.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 
4.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]"ImagePath"="system32\drivers\msisadrv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]"ServiceDll"="%systemroot%\system32\iscsiexe.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]"ImagePath"="%systemroot%\system32\msiexec.exe /V".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]"ImagePath"="system32\drivers\MSKSSRV.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]"ImagePath"="system32\drivers\MSPCLOCK.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]"ImagePath"="system32\drivers\MSPQM.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]"ImagePath"="system32\DRIVERS\mssmbios.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQL$ACT7]"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe\" -sACT7".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSQLServerADHelper]"ImagePath"="\"c:\program files\Microsoft SQL 
Server\90\Shared\sqladhlp90.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]"ImagePath"="system32\drivers\MSTEE.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]"ImagePath"="System32\Drivers\mup.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]"ImagePath"="system32\DRIVERS\nwifi.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]"ImagePath"="system32\drivers\ndis.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]"ImagePath"="system32\DRIVERS\ndistapi.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]"ImagePath"="system32\DRIVERS\ndisuio.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]"ImagePath"="system32\DRIVERS\ndiswan.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Net Driver HPZ12]"ServiceDll"="c:\windows\system32\HPZinw12.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]"ImagePath"="system32\DRIVERS\netbios.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]"ImagePath"="System32\DRIVERS\netbt.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]"ImagePath"="%SystemRoot%\system32\lsass.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]"ServiceDll"="%SystemRoot%\System32\netman.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetMsmqActivator]"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe\" 
-NetMsmqActivator".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetPipeActivator]"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]"ServiceDll"="%SystemRoot%\System32\netprofm.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpActivator]"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETw3v32]"ImagePath"="system32\DRIVERS\NETw3v32.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]"ServiceDll"="%SystemRoot%\System32\nlasvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NMIndexingService]"ImagePath"="\"c:\program files\Common Files\Nero\Lib\NMIndexingService.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]"ServiceDll"="%systemroot%\system32\nsisvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]"ImagePath"="system32\drivers\nsiproxy.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NuidFltr]"ImagePath"="system32\DRIVERS\NuidFltr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]"ImagePath"="system32\DRIVERS\nwlnkflt.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]"ImagePath"="system32\DRIVERS\nwlnkfwd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv]"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]"ImagePath"="system32\DRIVERS\ohci1394.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]"ServiceDll"="%SystemRoot%\system32\p2psvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]"ServiceDll"="%SystemRoot%\system32\p2psvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PalmUSBD]"ImagePath"="system32\drivers\PalmUSBD.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]"ImagePath"="\SystemRoot\system32\drivers\parport.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]"ImagePath"="System32\drivers\partmgr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]"ServiceDll"="%SystemRoot%\System32\pcasvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]"ImagePath"="system32\drivers\pci.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]"ImagePath"="\SystemRoot\system32\drivers\pciide.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]"ImagePath"="system32\drivers\peauth.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS].[HKEY_LOCAL_
MACHINE\SYSTEM\ControlSet001\Services\PerfProc].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]"ServiceDll"="%systemroot%\system32\pla.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Pml Driver HPZ12]"ServiceDll"="c:\windows\system32\HPZipm12.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]"ServiceDll"="%SystemRoot%\system32\p2psvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]"ServiceDll"="%SystemRoot%\system32\p2psvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]"ImagePath"="system32\DRIVERS\raspptp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]"ImagePath"="\SystemRoot\system32\drivers\processr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]"ServiceDll"="%systemroot%\system32\profsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]"ImagePath"="%SystemRoot%\system32\lsass.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]"ImagePath"="system32\DRIVERS\pacer.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PxHelp20]"ImagePath"="System32\Drivers\PxHelp20.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QPCapSvc]"ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe\"\00\00\12\00\00\00\12\00\00\00¤‡0wc:\program files\HP\QuickPlay\Kernel\TV\Ca".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QPSched]"ImagePath"="\"c:\program 
files\HP\QuickPlay\Kernel\TV\QPSched.exe\"\00a\00y\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00Q\00P\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]"ServiceDll"="%windir%\system32\qwave.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapiMgr]"ServiceDll"="%windir%\WindowsMobile\rapimgr.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]"ImagePath"="System32\DRIVERS\rasacd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]"ServiceDll"="%SystemRoot%\System32\rasauto.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]"ImagePath"="system32\DRIVERS\rasl2tp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]"ServiceDll"="%SystemRoot%\System32\rasmans.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]"ImagePath"="system32\DRIVERS\raspppoe.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]"ImagePath"="system32\DRIVERS\rassstp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]"ImagePath"="system32\DRIVERS\rdbss.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]"ImagePath"="System32\DRIVERS\RDPCDD.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]"ImagePath"="system32\drivers\rdpencdd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]"ServiceDLL"="%SystemRoot%\System32\mprdim.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]"ServiceDll"="%SystemRoot%\system32\regsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RFCOMM]"ImagePath"="system32\DRIVERS\rfcomm.sys".[HKEY_LOCAL_MAC
HINE\SYSTEM\ControlSet001\Services\rimmptsk]"ImagePath"="system32\DRIVERS\rimmptsk.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rimsptsk]"ImagePath"="system32\DRIVERS\rimsptsk.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rismxdp]"ImagePath"="system32\DRIVERS\rixdptsk.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RoxMediaDB9]"ImagePath"="\"c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]"ImagePath"="%SystemRoot%\system32\locator.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]"ServiceDll"="%SystemRoot%\system32\rpcss.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]"ImagePath"="system32\DRIVERS\rspndr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SABKUTIL]"ImagePath"="\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SABProcEnum]"ImagePath"="\??\c:\program files\SuperAdBlocker.com\Super Ad 
Blocker\SABProcEnum.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]"ImagePath"="%SystemRoot%\system32\lsass.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]"ServiceDll"="%systemroot%\system32\schedsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]"ServiceDll"="%SystemRoot%\System32\certprop.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdbus]"ImagePath"="system32\DRIVERS\sdbus.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]"ServiceDll"="%Systemroot%\System32\SDRSVC.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]"ServiceDll"="%windir%\system32\seclogon.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]"ServiceDll"="%SystemRoot%\system32\sens.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]"ImagePath"="\SystemRoot\system32\drivers\serenum.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]"ImagePath"="\SystemRoot\system32\drivers\serial.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 
3.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]"ServiceDLL"="%SystemRoot%\system32\sessenv.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]"ImagePath"="system32\DRIVERS\sffdisk.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]"ImagePath"="system32\DRIVERS\sffp_sd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]"ServiceDll"="%SystemRoot%\System32\shsvcs.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]"ImagePath"="%SystemRoot%\system32\SLsvc.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]"ImagePath"="system32\DRIVERS\smb.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 4.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]"ImagePath"="%SystemRoot%\System32\snmptrap.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]"ImagePath"="%SystemRoot%\System32\spoolsv.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLBrowser]"ImagePath"="\"c:\program files\Microsoft SQL 
Server\90\Shared\sqlbrowser.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SQLWriter]"ImagePath"="\"c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]"ImagePath"="System32\DRIVERS\srv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]"ImagePath"="System32\DRIVERS\srv2.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]"ImagePath"="System32\DRIVERS\srvnet.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]"ServiceDll"="%SystemRoot%\System32\wiaservc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stllssvr]"ImagePath"="\"c:\program files\Common Files\SureThing Shared\stllssvr.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]"ImagePath"="system32\DRIVERS\swenum.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]"ServiceDll"="%Systemroot%\System32\swprv.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SynTP]"ImagePath"="system32\DRIVERS\SynTP.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]"ServiceDll"="%systemroot%\system32\sysmain.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]"ServiceDll"="%SystemRoot%\System32\TabSvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]"ServiceDll"="%SystemRoot%\System32\tapisrv.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]"ServiceDll"="%SystemRoot%\System32\tbssvc.dll".[HKEY_LOCAL_M
ACHINE\SYSTEM\ControlSet001\Services\Tcpip]"ImagePath"="System32\drivers\tcpip.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]"ImagePath"="system32\DRIVERS\tcpip.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]"ImagePath"="System32\drivers\tcpipreg.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]"ImagePath"="system32\drivers\tdpipe.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]"ImagePath"="system32\drivers\tdtcp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]"ImagePath"="system32\DRIVERS\tdx.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]"ImagePath"="system32\DRIVERS\termdd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]"ServiceDll"="%SystemRoot%\System32\termsrv.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]"ServiceDll"="%SystemRoot%\system32\shsvcs.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]"ServiceDll"="%SystemRoot%\system32\mmcss.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]"ServiceDll"="%SystemRoot%\System32\trkwks.dll"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]"ImagePath"="System32\DRIVERS\tssecsrv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]"ImagePath"="system32\DRIVERS\tunmp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]"ImagePath"="system32\DRIVERS\tunnel.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]"ImagePath"="system32\DRIVERS\udfs.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]"ImagePath"="%SystemRoot%\s
ystem32\UI0Detect.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UIUSys].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]"ImagePath"="system32\DRIVERS\umbus.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]"ServiceDll"="%SystemRoot%\System32\upnphost.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]"ImagePath"="system32\DRIVERS\usbccgp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]"ImagePath"="system32\DRIVERS\usbehci.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]"ImagePath"="system32\DRIVERS\usbhub.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]"ImagePath"="system32\DRIVERS\usbprint.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan]"ImagePath"="system32\DRIVERS\usbscan.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]"ImagePath"="system32\DRIVERS\USBSTOR.SYS".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]"ImagePath"="system32\DRIVERS\usbuhci.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UStorage Server Service]"ImagePath"="c:\windows\system32\UStorSrv.exe 
/Service".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]"ServiceDll"="%SystemRoot%\System32\uxsms.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]"ImagePath"="%SystemRoot%\System32\vds.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]"ImagePath"="system32\DRIVERS\vgapnp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]"ImagePath"="\SystemRoot\System32\drivers\vga.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]"ImagePath"="\SystemRoot\system32\drivers\viac7.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]"ImagePath"="\SystemRoot\system32\drivers\viaide.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]"ImagePath"="system32\drivers\volmgr.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]"ImagePath"="System32\drivers\volmgrx.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]"ImagePath"="system32\drivers\volsnap.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]"ImagePath"="%systemroot%\system32\vssvc.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vToolbarUpdater15.4.0]"ImagePath"="c:\program files\Common Files\AVG Secure 
Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]"ServiceDll"="%systemroot%\system32\w32time.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]"ImagePath"="system32\DRIVERS\wanarp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]"ImagePath"="system32\DRIVERS\wanarp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcesComm]"ServiceDll"="%windir%\WindowsMobile\wcescomm.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]"ImagePath"="\SystemRoot\system32\drivers\wd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]"ImagePath"="system32\drivers\Wdf01000.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]"ServiceDll"="%SystemRoot%\system32\wdi.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]"ServiceDll"="%SystemRoot%\system32\wdi.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]"ServiceDll"="%SystemRoot%\System32\webclnt.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]"ServiceDll"="%SystemRoot%\system32\wecsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]"ServiceDll"="%SystemRoot%\System32\WerSvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winachsf]"ImagePath"="system32\DRIVERS\HSX_CNXT.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]"ServiceDll"="%ProgramFiles%\Windows 
Completion time: 2013-08-05 14:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-05 21:55
.
Pre-Run: 2,591,379,456 bytes free
Post-Run: 4,676,186,112 bytes free
.
- - End Of File - -
cushdaddy Posted August 5, 2013 Author ID:711380
The log for the combofix was so big I had to cut and paste it in two parts. Just so you know, I am still getting pop ups from Links and from arcadecandy advertising.
Staff CatByte Posted August 6, 2013 Staff ID:711388
Hello,
We still have more work to do, so stay with me.
Please run the following:
Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.
MBAR tutorial
Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~
Note: <<<This step is very important >>>
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot. Verify that your system is now functioning normally.
NEXT
Please download Junkware Removal Tool to your desktop.
Shut down your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message
NEXT
Download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply
cushdaddy Posted August 8, 2013 Author ID:712607
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
© Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 1599406080, free: 434061312
Downloaded database version: v2013.08.08.06
Downloaded database version: v2013.08.06.01
Initializing...
Scanning drivers directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6125DB67
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 220684842
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 220684905 Numsec = 13751640
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 120034123776 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Infected: c:\Windows\System32\f3PSSavr.scr --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
cushdaddy Posted August 8, 2013 Author ID:712608
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
Database version: v2013.08.08.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nerissa Fox :: FOXY [administrator]
8/8/2013 12:37:16 PM
mbar-log-2013-08-08 (12-37-16).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 241253
Time elapsed: 32 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
cushdaddy Posted August 8, 2013 Author ID:712611
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows Vista Home Premium x86
Ran by Nerissa Fox on Thu 08/08/2013 at 13:32:26.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3644431488-1808320650-4190770662-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Files
Successfully deleted [File] C:\Windows\Tasks\candyupdater.job
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
~~~ Folders
Successfully deleted: [Folder] C:\Users\Nerissa Fox\AppData\LocalLow\FCTB000060231
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\AppData\Roaming\startnow toolbar"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\local\arcadecandy"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\dogpile bundle toolbar"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\trymedia"
Successfully deleted: [Folder] "C:\Program Files\zynga"
Successfully deleted: [Folder] "C:\Users\Nerissa Fox\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Nerissa Fox\appdata\local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/08/2013 at 13:35:33.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cushdaddy Posted August 8, 2013 Author ID:712616
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 13:49:17
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Nerissa Fox - FOXY
# Boot Mode : Normal
# Running from : C:\Users\Nerissa Fox\Downloads\AdwCleaner.exe
# Option [Delete]
cushdaddy Posted August 8, 2013 Author ID:712618
I forgot to run Malwarebytes Anti-Rootkit twice. Does that make a difference? Thank you for all your help so far.
Cheers
Cushdaddy
Staff CatByte Posted August 8, 2013 Staff ID:712662
Yes, give it another run, make sure that detection is permanently gone. How is the computer running now, any outstanding issues?
cushdaddy Posted August 9, 2013 Author ID:712698
Ran it a second time and no malware found!! Yippie! No more pop up ads! Everything worked as you said! Can't thank you enough! Thank you! Thank you!
Cheers
Cushdaddy!
Staff CatByte Posted August 9, 2013 Staff ID:712699
That's great news, we just have some housekeeping to do now, please do the following:

You can delete the FRST, JRT, and MBAR logs and programs from your desktop.

NEXT
Follow these steps to uninstall Combofix
Make sure your security programs are totally disabled.
Press the WinKey + R to open a run box.
Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT
Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT
Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next click OK, then the Apply button and then OK to exit the Internet Properties page.

Download TFC to your desktop
Close any open windows.
Double click the TFC icon to run the program.
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank you.
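A read-only check of the Internet zone ActiveX settings from the steps above, added here as an example and not part of CatByte's post. It assumes the standard per-zone registry layout (zone 3 is the Internet zone; URL actions 1001, 1004 and 1201; 0 = Enable, 1 = Prompt, 3 = Disable); the function name is illustrative.

```powershell
# Added example: audit (does not change) the Internet zone ActiveX settings.
$paths = @(
    # Per-user setting written by the Internet Options dialog (Inetcpl.cpl).
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    # Machine policy key: when present, its values override the per-user setting.
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# URL action ID -> dialog label and the value recommended in the post.
$checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneReport {
    param([string[]]$Path, [object[]]$Check)
    foreach ($p in $Path) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if (-not $props) { continue }   # key absent: nothing configured at this level
        foreach ($c in $Check) {
            $raw = $props.($c.Id)
            if ($null -eq $raw) {
                $state = 'not set'
            } elseif ($labels.ContainsKey([int]$raw)) {
                $state = $labels[[int]$raw]
            } else {
                $state = "other ($raw)"   # e.g. administrator-approved only
            }
            New-Object PSObject -Property @{
                Key         = $p
                Setting     = $c.Name
                Current     = $state
                Recommended = $labels[$c.Want]
                Matches     = ($raw -eq $c.Want)
            }
        }
    }
}

Get-ActiveXZoneReport -Path $paths -Check $checks |
    Format-Table Setting, Current, Recommended, Matches, Key -AutoSize
```

A row with Matches = False under the policy key means the dialog change will not stick for that setting, because policy is reapplied over the user's choice.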
cushdaddy Posted August 12, 2013 Author ID:714177
All files and programs deleted. TFC froze up on two attempts to run it after deleting temp files, but other than that, everything is fine. No pop up etc. I will soon be buying Malwarebytes to protect my PC from this point on! Thank you for all that you do. I truly appreciate the help in ridding my computer of the malware/adware.
Thanks again,
Cushdaddy