Jump to content

WizCalifa

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral

About WizCalifa

  • Birthday 10/19/1994
  1. Edit: My mother won't let me send you a donation, but I promise that when I open my own bank account, I will definitely still remember to!
  2. Okie dokies! Thank you so much, Maniac! You helped me so much and I'm so glad that you could help me so quickly and so patiently! <333 I will be sending you a donation very soon!
  3. Things are going smoothly I suppose, but I'm confused as to why this time it found nothing... LOL When you know how the first time I scanned to 100% but it was only at Step 3 of 4 it found 9 things.
  4. I'm having trouble scanning...like it'll scan until 100%, but it'll only be in Step 3...? And I let the laptop scan since about 5 PM, and it's 12 AM now and it's only at 28%?
  5. Here's the ComboFix log: ComboFix 12-08-20.02 - Admin123 08/21/2012 0:25.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2257 [GMT -4:00] Running from: c:\users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7SCDUXP\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Admin123\AppData\Local\Temp\{4EB39058-0184-49B1-9E48-EF6E6914BD6D}\fpb.tmp . . ((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 ))))))))))))))))))))))))))))))) . . 2012-08-21 04:38 . 2012-08-21 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-21 04:02 . 2012-08-21 04:02 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-08-18 07:16 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-18 07:15 . 2012-08-18 07:15 -------- d-----w- c:\windows\PCHEALTH 2012-08-18 07:11 . 2012-06-29 03:49 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-18 06:15 . 2012-08-18 06:15 -------- d-----w- C:\_OTL 2012-08-17 16:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-17 16:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-17 16:37 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-17 16:37 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-17 16:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-17 16:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-17 16:37 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-17 16:37 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-17 16:37 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-17 16:37 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-17 16:36 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-17 16:36 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-09 04:50 . 2012-08-09 04:50 -------- d-----w- c:\users\Admin123\AppData\Local\PackageAware 2012-08-08 02:11 . 2012-08-08 02:11 -------- d-----w- c:\users\Admin123\AppData\Roaming\Roxio Log Files 2012-08-08 00:27 . 2012-08-09 05:05 -------- d-----w- c:\users\Admin123\AppData\Roaming\DVDVideoSoft 2012-08-07 23:38 . 2012-08-07 23:38 -------- d-----w- c:\users\Admin123\AppData\Local\Programs 2012-08-07 23:37 . 2012-08-08 01:03 -------- d-----w- c:\users\Admin123\AppData\Roaming\Apple Computer 2012-08-07 23:37 . 2012-08-07 23:37 -------- d-----w- c:\users\Admin123\AppData\Local\Apple Computer 2012-08-07 23:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-07 23:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-07 23:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files\iPod 2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files\iTunes 2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files (x86)\iTunes 2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\programdata\Apple Computer 2012-08-07 23:35 . 2012-08-07 23:35 -------- d-----w- c:\users\Admin123\AppData\Local\Apple 2012-08-07 23:35 . 2012-08-07 23:35 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files\Common Files\Apple 2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files (x86)\Bonjour 2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files\Bonjour 2012-08-07 23:34 . 2012-08-07 23:36 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-08-07 23:34 . 2012-08-07 23:35 -------- d-----w- c:\programdata\Apple 2012-08-07 20:17 . 2012-08-07 20:17 -------- d-----w- c:\program files\Google 2012-08-06 01:43 . 2012-08-06 01:43 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-06 01:26 . 2012-08-06 01:26 -------- d-----w- c:\program files (x86)\TeamViewer 2012-08-06 01:20 . 2012-08-06 01:20 -------- d-----w- c:\users\Admin123\temp 2012-08-06 01:20 . 2012-08-06 01:20 -------- d-----w- c:\users\Admin123\AppData\Roaming\TeamViewer 2012-08-05 23:03 . 2012-08-05 23:05 -------- d-----w- c:\users\Admin123\AppData\Roaming\AVG 2012-08-05 21:47 . 2012-08-05 21:47 -------- d-----w- c:\users\Admin123\AppData\Local\AVG Secure Search 2012-08-05 21:47 . 2012-08-21 04:02 -------- d-----w- c:\programdata\AVG Secure Search 2012-08-05 21:47 . 2012-08-21 04:02 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-08-05 21:47 . 2012-08-05 21:47 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-08-05 21:46 . 2012-08-21 04:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-08-05 21:44 . 2012-08-05 21:44 -------- d-----w- C:\$AVG 2012-08-05 21:44 . 2012-08-05 22:26 -------- d-----w- c:\programdata\AVG2012 2012-08-05 21:43 . 2012-08-21 03:59 -------- d-----w- c:\program files (x86)\AVG 2012-08-05 21:24 . 2012-08-21 04:03 -------- d-----w- c:\programdata\MFAData 2012-08-05 21:24 . 2012-08-05 21:24 -------- d--h--w- c:\programdata\Common Files 2012-08-05 19:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F37733ED-2048-4C0A-BF88-BEA4CE3E8EB1}\mpengine.dll 2012-08-04 21:38 . 2012-08-05 04:19 -------- d-----w- c:\program files\GIMP 2 2012-08-04 21:24 . 2012-08-04 21:24 -------- d-----w- c:\users\Admin123\AppData\Roaming\OpenOffice.org 2012-08-04 18:43 . 2012-08-05 04:19 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com 2012-08-04 18:42 . 2012-08-04 21:17 -------- d-----w- c:\programdata\Tarma Installer 2012-08-04 18:40 . 2012-08-04 21:16 -------- d-----w- c:\programdata\WeCareReminder 2012-07-30 06:09 . 2012-07-30 06:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-30 03:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-07-30 03:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-07-30 02:24 . 2012-08-21 04:03 -------- d-----w- c:\users\Admin123\AppData\Local\Google 2012-07-30 02:23 . 2012-08-08 02:11 -------- d-----w- c:\program files (x86)\Google 2012-07-29 19:05 . 2012-07-29 19:05 -------- d-----w- c:\program files (x86)\McAfee 2012-07-24 14:56 . 2012-07-24 14:56 -------- d-----w- c:\windows\Sun 2012-07-24 06:58 . 2012-07-29 19:05 -------- d-----w- c:\programdata\McAfee 2012-07-24 06:58 . 2012-08-17 18:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-24 06:58 . 2012-08-17 18:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-23 22:06 . 2012-07-23 22:06 -------- d-----w- c:\users\Admin123\AppData\Local\Diagnostics 2012-07-23 17:42 . 2012-07-23 17:42 -------- d-----w- c:\programdata\Blio 2012-07-23 17:42 . 2012-07-23 17:44 -------- d-----w- c:\users\Admin123\AppData\Roaming\Blio . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-18 07:02 . 2012-05-12 02:04 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-06-09 05:43 . 2012-07-11 19:05 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-06 06:06 . 2012-07-11 19:04 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 19:04 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-10 20:33 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 19:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 19:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 19:05 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-19 01:39 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 01:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 01:39 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 01:39 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 01:39 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 01:39 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 01:39 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-19 01:39 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-19 01:39 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 19:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 19:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 19:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 19:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 19:05 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 19:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 19:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-10 20:33 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 19:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-08-21 04:02 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-21 2045024] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ooVoo.exe"="c:\program files (x86)\ooVoo\ooVoo.exe" [2012-05-29 25249400] "FreeScreenSharing"="c:\users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-21 1162848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-21 1020512] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-12 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280] S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-21 927840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584] S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 18:00] . 2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 20:16] . 2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 20:16] . 2012-08-18 c:\windows\Tasks\HPCeeScheduleForADMIN123-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-08-18 c:\windows\Tasks\HPCeeScheduleForAdmin123.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-21 01:11:42 ComboFix-quarantined-files.txt 2012-08-21 05:11 . Pre-Run: 236,934,184,960 bytes free Post-Run: 236,690,210,816 bytes free . - - End Of File - - F2B2C39CAAB18893209A4CF50A700D3D
  6. Yep, still with you. All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. ========== FILES ========== File\Folder C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581} not found. File\Folder c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581} not found. File\Folder c:\windows\assembly\gac_32\desktop.ini not found. File\Folder c:\windows\assembly\gac_64\desktop.ini not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Admin123\Desktop\cmd.bat deleted successfully. C:\Users\Admin123\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Admin123 ->Temp folder emptied: 4386767 bytes ->Temporary Internet Files folder emptied: 266307360 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 11648 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1010469 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 902 bytes Total Files Cleaned = 259.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.57.0 log created on 08182012_021558 Files\Folders moved on Reboot... C:\Users\Admin123\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1ZQJF6A\fastbutton[1].htm moved successfully. C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGMZTMP7\index[2].htm moved successfully. C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... File C:\Users\Admin123\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found! File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found! File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1ZQJF6A\fastbutton[1].htm not found! File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGMZTMP7\index[2].htm not found! File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found! File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found! Registry entries deleted on Reboot...
  7. Ah, I see o: Is this right? :OTL IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF :files C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581} c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581} c:\windows\assembly\gac_32\desktop.ini c:\windows\assembly\gac_64\desktop.ini ipconfig /flushdns /c :Commands [emptytemp] [clearallrestorepoints]
  8. All processes killed Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF:filesC:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}c:\windows\assembly\gac_32\desktop.inic:\windows\assembly\gac_64\desktop.iniipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context! OTL by OldTimer - Version 3.2.56.0 log created on 08072012_153332 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
  9. OTL Extras logfile created on: 8/6/2012 11:16:20 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin123\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.48 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 62.54% Memory free 6.96 Gb Paging File | 5.20 Gb Available in Paging File | 74.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.01 Gb Total Space | 223.92 Gb Free Space | 82.02% Space Free | Partition Type: NTFS Drive D: | 20.92 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.96% Space Free | Partition Type: FAT32 Drive G: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32 Computer Name: ADMIN123-HP | User Name: Admin123 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E0CE1BA-BEB3-4E85-85ED-6D4F9BF32B2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0EB07E7D-60CB-446E-8AB7-899A637CC2B5}" = lport=445 | protocol=6 | dir=in | app=system | "{198D9BC0-A3F0-4692-A621-C14847A16573}" = rport=10243 | protocol=6 | dir=out | app=system | "{1C78BEC7-9368-4022-B27A-30938A771B14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{22E1DF5E-CA63-4F8B-BDBE-D2782C857243}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26FA7734-5686-47E6-91F0-F2DC92682DA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3675E7A7-7F52-4EAE-B5A5-924658936BF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{45F058EA-6162-40B5-9F2F-124FD7B304A6}" = lport=139 | protocol=6 | dir=in | app=system | "{5A1D94BE-3BE1-4D77-95CC-9DDEC26432B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B87D70A-8871-4F39-A2C8-BB72DB7CE27C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6CF6F1A2-F345-4B49-A8A8-B76254005F94}" = lport=2869 | protocol=6 | dir=in | app=system | "{7E79B05F-E929-4170-B718-F3EFE1C85063}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{81E52199-7D8D-4E96-AC29-644D664933DC}" = lport=10243 | protocol=6 | dir=in | app=system | "{84E6E768-B193-4217-B169-C17E07503583}" = rport=445 | protocol=6 | dir=out | app=system | "{8FDD0241-963C-4D0D-AE8F-10A2664ADF5A}" = lport=138 | protocol=17 | dir=in | app=system | "{A5B90602-153A-41A8-AA3F-363925F9BCF9}" = rport=137 | protocol=17 | dir=out | app=system | "{A97DE926-824E-4D56-83C5-13EBFD9C7019}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B8B9BB92-B3E5-4150-991F-D5AC89A6B88F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0832662-82FB-4AA0-A13A-DD2509D16D95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{C2428932-7AB9-4557-8179-A087EF7ECDC9}" = rport=139 | protocol=6 | dir=out | app=system | "{DF83751D-AE45-426E-8396-97DC3CF49E8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E3893CCF-9D00-451E-B2A5-B0964A7D5870}" = rport=138 | protocol=17 | dir=out | app=system | "{F0382F01-6C6C-4FD5-BE68-A3DB56C164D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9D777D4-2E96-417C-BC04-2A9A0F7F5850}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05FA3F96-530B-40D2-8C32-9D4A40966473}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{11A97F36-3D22-409D-A7D4-2A9E7F054C8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1254CEA3-EABE-459C-88ED-089B05D815CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{13EF10E2-A4C1-4B7B-B948-27A2169C8CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | "{186B8448-07D7-4D3B-A616-6370D1224983}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{23E093F0-A714-460A-95F8-1DB07B0B559C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{27B3DA0D-82B4-45B3-A163-2E03BF88D811}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B5655B3-3B00-4447-84A1-FC7CD9E4C3F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2D866127-887F-4F42-AB34-A85CD8C18C67}" = protocol=6 | dir=out | app=system | "{337803FC-897B-4AB8-B984-94C053EBB3ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4060DBCB-E6CC-4634-AEF6-F81815C363E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{46D3F34C-F03C-4A61-9BC0-3BD3C880CD12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49D8C27E-847E-438A-9DDE-75FF871DBF2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{4A3FC3BF-C746-42AF-9AB9-F03988505FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{51DF0774-7139-4282-80F2-0C3D2C10D6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{55C195A6-3F30-4F48-808D-FEF25FCDDA84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{6E84CD72-9814-4CDD-B584-B510B84B5729}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6EA9894E-659B-46E5-B157-0C42057BDB17}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{810E3C31-6A2C-4873-B93F-54152FD8DEEE}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{82AC7309-652D-4953-9358-4264BEF5CC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A31E0BDC-8B62-4FEA-998A-99E325EEACE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A799F3CB-A53F-4795-BDAD-8C2ED65CD14D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B1813968-63F4-4718-B64E-CA4F123DE895}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | "{B37525C4-774F-4EB0-B9F0-8C1EBA12076F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{B89DB853-F5D6-412F-8803-57DB9651206E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BAF6764A-FCE5-4400-9419-6AD6B9E2728B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BD4391DB-714A-4033-B45A-50CC168B4F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{C4363880-BBE2-4CA0-9B30-726A201EE93F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CFAB7987-2722-4EAA-BA1B-369D63C8E71C}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe | "{D23D9760-3853-4552-A6F5-DF58C321B259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E265F2F4-5AF8-4DB6-BF37-BB9BC742B284}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{E2C0CC1E-D28C-4B53-8F3C-1A068BEB12D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{EA71F19F-67A5-44A8-B776-5CBEB40B8A0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F6D9038E-2EDC-450E-83F8-95A2F733BC72}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "TCP Query User{6A5CD1FA-385F-4C6F-9776-451683C5F3F5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{9F0D4767-DCD2-4F0B-AF2B-FBB492F311DC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{95446DD7-2428-4F0E-8E7E-463E3F520E07}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{E8EC780B-5EE3-4D59-962A-56D07669B397}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{006716FE-DAB7-8EA8-99B6-04EB354AC3A8}" = AMD Media Foundation Decoders "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{288591DE-4151-4E8E-A698-C6EFF5DF00F9}" = HP Security Assistant "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant "{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software "{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9795DCDC-45CB-8A98-4F01-8C4B37361BF5}" = AMD Fuel "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012 "{A21EA495-2B09-7E39-8C55-310D6DC7DB4C}" = ccc-utility64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CF780466-D74B-C6E7-7E61-0C4DCA614455}" = AMD Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2012 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Pen Tablet Driver" = Bamboo "SynTPDeinstKey" = Synaptics TouchPad Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06A62CCD-4953-88D6-104D-37C20CCA8140}" = CCC Help Greek "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0AD538F8-AE22-4448-71C5-2A321D3953A3}" = CCC Help Chinese Standard "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore "{169FDBFF-6FA1-2A14-F5F0-EEA7C27C4AFE}" = AMD VISION Engine Control Center "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1AD2BBC8-8233-F193-6915-AEB19299EF69}" = CCC Help Dutch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{35E81526-8A3E-FF8C-6E43-EBA7D40904CA}" = CCC Help Finnish "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{579BD527-0EED-20A8-B9F4-0244FBABB085}" = CCC Help German "{600DFD49-D7C2-9DE4-4EEA-337083E72B1F}" = CCC Help Russian "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6DE8EE45-09DE-3288-4635-DCFA87765D84}" = CCC Help Portuguese "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{6F89F8EB-16A2-E21F-A34C-CF6AB53EA7E1}" = CCC Help Hungarian "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio "{79A21AE8-0BF2-955D-7AC3-2AFD9430C199}" = CCC Help Czech "{7B67B74C-6942-9F20-C05A-2870D600A6EB}" = CCC Help Italian "{8279D3BD-3A54-A6F6-E8BE-C12FADDC1064}" = CCC Help Polish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B4F2108-7395-4951-A7BE-86DA108A001C}" = OGA Notifier 1.7.0105.14.0 "{8D78F24E-3AA8-9D2A-3B28-CA240439B802}" = CCC Help Swedish "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F4532D6-62F3-4B5B-AA47-979CFC7510F5}" = CCC Help Chinese Traditional "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7A7B78C-3EEE-5783-E2FB-218E4B40198E}" = CCC Help Spanish "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B0E3A46B-0629-BD31-EC2B-4C96DCF7F7BB}" = Catalyst Control Center Localization All "{B41441A0-A65C-CABF-4D1B-B1588E316F7D}" = CCC Help Korean "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B894D068-A07A-96C8-A6CB-87C5EDB97C8E}" = Catalyst Control Center Graphics Previews Common "{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb "{BDD74598-1133-68FA-CD69-6FD442759CD4}" = CCC Help Thai "{BEA1CE9A-93E0-E131-13DF-76441B6783E6}" = Catalyst Control Center InstallProxy "{C0E6C680-7B1D-0EE9-0D6C-AF28765FB885}" = CCC Help Turkish "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C7D23135-04B6-1A0C-E835-42AADD00EA1F}" = CCC Help Japanese "{CA41C92C-BEA4-5C7B-6DDE-48C7E996FE72}" = CCC Help Norwegian "{CB841B9A-4049-E21F-1E62-49AC742C1B81}" = CCC Help English "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{E12C4983-DA0E-7AFD-04E5-592EC5DF1974}" = CCC Help French "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding "{F500B5DC-CCCE-CC7F-B1D1-39139AE57676}" = CCC Help Danish "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pen Tablet Driver" = Bamboo "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "Picasa 3" = Picasa 3 "PROPLUS" = Microsoft Office Professional Plus 2007 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WildTangent hp Master Uninstall" = HP Games "WTA-03eaf8a3-d4e4-4e74-81fa-9a750638440f" = Hoyle Card Games "WTA-05baa083-98fc-4295-b0d6-ebbfde2cbaae" = Polar Bowler "WTA-0e2af03a-115c-43b8-92cf-2e9894b75a09" = Final Drive Fury "WTA-1013007a-e2ae-4478-a7ba-fcb5ef229d1d" = Blackhawk Striker 2 "WTA-21411c76-2cba-40b4-9f51-4d86a472e884" = Virtual Villagers 4 - The Tree of Life "WTA-279cf681-1067-4bbb-94b5-f1157720c963" = FATE "WTA-2f933c63-a5b8-4438-ba29-3b2167ffb329" = Letters from Nowhere 2 "WTA-38ca30e4-5ef4-48ec-b6c0-eac39d7622b2" = John Deere Drive Green "WTA-4bd98dfa-b4b2-4568-b754-fd6fbebb6c77" = Plants vs. Zombies - Game of the Year "WTA-596c1d88-c119-4aac-ac47-824dd7bd0092" = RollerCoaster Tycoon 3: Platinum "WTA-7422e5c8-c1ba-4b5f-8d80-e66d5379244d" = Penguins! "WTA-78d9a8fa-7918-4b63-b3df-c50fa13e91ad" = Luxor HD "WTA-7be5810c-ea5e-4369-bb44-222ca40b37ca" = Bejeweled 3 "WTA-864f03ed-f2c1-4145-8110-d2725c4d5d3b" = Jewel Match 3 "WTA-89b4debd-166b-437d-bd18-2d6141046e35" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition "WTA-93ff1273-e0b2-48f8-b5b5-5df7ee75ec68" = Cradle of Rome 2 "WTA-9493dec6-a9ec-4c16-82aa-6bc1cb0b678c" = Torchlight "WTA-a440874a-34ea-40fe-9af4-c9cdd81dea06" = Farm Frenzy "WTA-b1d68def-d5bd-4f0b-9690-ead73acb9a11" = Dora's World Adventure "WTA-b24b387f-0989-4b82-99bc-c30584401ee7" = Zuma's Revenge "WTA-c1968821-c8ac-4459-812b-75906d5c143e" = Polar Golfer "WTA-c2714556-d482-4680-bd2b-d17b8abe75ce" = Chuzzle Deluxe "WTA-cdcdfb51-ac34-4f64-9069-95c4d07b8738" = Farmscapes "WTA-e2531fc0-9b5d-42e4-ad84-b227f6e379da" = Mah Jong Medley "WTA-f6945d06-5c82-4266-8a9f-b1a296130bdd" = The Treasures of Mystery Island: The Ghost Ship "WTA-ff3a66bc-e702-4df5-87d2-62dbd4791335" = Poker Superstars III ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FreeScreenSharing" = FreeScreenSharing ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/30/2012 12:23:07 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error - 7/30/2012 12:25:18 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver. System Error: The system cannot find the file specified. . Error - 7/30/2012 12:25:18 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver. System Error: The system cannot find the file specified. . Error - 7/30/2012 1:45:28 AM | Computer Name = Admin123-HP | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process id: 0x126c Faulting application start time: 0x01cd6e0a30357c5d Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: c3c6c7fe-da09-11e1-8e83-e4d53dfedfe8 Error - 7/30/2012 2:53:05 AM | Computer Name = Admin123-HP | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process id: 0xaa0 Faulting application start time: 0x01cd6e16d6fc5757 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: 3659e46c-da13-11e1-8e83-e4d53dfedfe8 Error - 7/30/2012 3:00:13 AM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10 Description = Error - 7/30/2012 5:44:45 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10 Description = Error - 7/30/2012 6:10:36 PM | Computer Name = Admin123-HP | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 7/31/2012 9:43:41 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10 Description = Error - 7/31/2012 9:47:14 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 6/15/2012 1:30:53 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000 Description = Error - 6/15/2012 1:32:51 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000 Description = Error - 6/15/2012 1:33:04 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000 Description = Error - 6/15/2012 1:43:16 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000 Description = [ HP Software Framework Events ] Error - 10/26/2011 12:38:23 AM | Computer Name = 960EC8351I5AL | Source = CaslWmi | ID = 5 Description = 2011/10/25 21:38:23.032|00000BB0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Not supported ' Error - 10/26/2011 12:38:25 AM | Computer Name = 960EC8351I5AL | Source = CaslWmi | ID = 5 Description = 2011/10/25 21:38:25.248|00000BB0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/11/2012 8:31:49 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/11 20:31:49.128|00000ECC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/11/2012 8:31:50 PM | Computer Name = Admin123-HP | Source = CaslSmBios | ID = 5 Description = 2012/05/11 20:31:50.174|00000ECC|Error |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error attempting to parse year 2000, month 0, day 0: Year, Month, and Day parameters describe an un-representable DateTime. Error - 5/11/2012 8:31:56 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/11 20:31:56.324|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/11/2012 9:12:39 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/11 21:12:39.596|000003FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/19/2012 1:14:23 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/19 13:14:23.232|000016E0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/19/2012 1:17:17 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/19 13:17:17.072|00001A64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/19/2012 1:17:30 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/19 13:17:30.116|000014A0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 5/20/2012 2:22:07 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5 Description = 2012/05/20 14:22:07.827|00001AF0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 8/4/2012 9:15:22 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7034 Description = The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). Error - 8/4/2012 9:21:05 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/4/2012 9:25:19 PM | Computer Name = Admin123-HP | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/4/2012 9:31:57 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/4/2012 11:17:48 PM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016 Description = Error - 8/5/2012 12:11:24 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016 Description = Error - 8/5/2012 1:32:16 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016 Description = Error - 8/5/2012 1:36:33 AM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7022 Description = The Windows Update service hung on starting. Error - 8/5/2012 10:59:27 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016 Description = Error - 8/5/2012 3:40:25 PM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016 Description = < End of report >
  10. Sorry! I didn't realize this got answered to! Thank you so much for taking your time out to help me! OTL logfile created on: 8/6/2012 11:16:20 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin123\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.48 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 62.54% Memory free 6.96 Gb Paging File | 5.20 Gb Available in Paging File | 74.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.01 Gb Total Space | 223.92 Gb Free Space | 82.02% Space Free | Partition Type: NTFS Drive D: | 20.92 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.96% Space Free | Partition Type: FAT32 Drive G: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32 Computer Name: ADMIN123-HP | User Name: Admin123 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/06 23:14:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin123\Downloads\OTL.exe PRC - [2012/08/05 17:47:30 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe PRC - [2012/08/05 17:47:28 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011/11/22 05:57:16 | 002,204,488 | ---- | M] () -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe PRC - [2011/10/07 22:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009/06/05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe ========== Modules (No Company Name) ========== MOD - [2012/08/05 17:47:31 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll MOD - [2012/08/05 17:47:28 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012/06/19 00:53:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/06/19 00:52:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/05/19 13:16:05 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2011/11/22 05:57:16 | 002,204,488 | ---- | M] () -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/09/20 15:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2011/09/16 06:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/09/15 18:15:44 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV:64bit: - [2010/10/26 17:42:16 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV:64bit: - [2010/10/26 17:42:16 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/08/05 17:47:30 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5) SRV - [2012/08/05 16:02:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/20 02:44:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/19 13:39:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/08/29 14:02:22 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/12/17 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/05 17:47:32 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/02/17 14:02:12 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011/10/25 23:53:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/10/25 23:53:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/09/20 21:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2011/09/20 21:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2011/09/20 21:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011/09/20 21:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/09/20 21:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011/09/20 21:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/09/20 21:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/09/16 06:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/09/16 05:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/08/29 14:02:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/08/18 08:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011/06/17 07:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011/06/17 07:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/11 15:19:36 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010/10/11 15:19:28 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2010/10/11 15:19:26 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2012/07/01 12:04:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/05/31 21:00:58 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/ IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes,DefaultScope = {59CE12E8-1C40-40BC-805C-F4F21E604F78} IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{59CE12E8-1C40-40BC-805C-F4F21E604F78}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcrms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={F96DD5A7-070E-4C0E-8DDA-08BEB83597F9}&mid=2d57263ed15e47d08182359c7b1a361b-77582ebb37624dca34eebc43c116d9fe623beda2〈=en&ds=AVG&pr=pr&d=2012-08-05 17:47:34&v=12.1.0.21&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120521,17118,0,18,0 IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://my.deviantart.com/messages/" FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B0dd404fe-1f66-4a03-a407-58c6b3d8f6a5%7D&mid=2d57263ed15e47d08182359c7b1a361b-77582ebb37624dca34eebc43c116d9fe623beda2&ds=AVG&v=12.1.0.21〈=en&pr=pr&d=2012-08-05%2017%3A47%3A34&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/05 17:45:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/05 17:47:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 20:22:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 20:22:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/26 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin123\AppData\Roaming\mozilla\Extensions [2012/08/05 15:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin123\AppData\Roaming\mozilla\Firefox\Profiles\pbt687ag.default\extensions [2012/08/05 00:18:53 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Admin123\AppData\Roaming\mozilla\Firefox\Profiles\pbt687ag.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2012/06/21 14:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/24 02:49:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/08/05 17:47:38 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.1.0.21 [2012/08/05 15:47:06 | 000,004,854 | ---- | M] () (No name found) -- C:\USERS\ADMIN123\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBT687AG.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI [2012/07/20 02:44:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/05 17:47:28 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/06/29 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/29 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [EPSON011DA5] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S4A29.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [FreeScreenSharing] C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe () O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w O7 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c75077ed-9c03-11e1-9498-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c75077ed-9c03-11e1-9498-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/06 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/06 21:12:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/06 21:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/05 21:43:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/08/05 21:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012/08/05 21:20:28 | 000,000,000 | ---D | C] -- C:\Users\Admin123\temp [2012/08/05 21:20:27 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\TeamViewer [2012/08/05 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\AVG [2012/08/05 19:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 [2012/08/05 17:48:11 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\AVG2012 [2012/08/05 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\AVG Secure Search [2012/08/05 17:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/08/05 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/08/05 17:47:32 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012/08/05 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012/08/05 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012/08/05 17:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012/08/05 17:44:43 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/08/05 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/08/05 17:44:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2012/08/05 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012/08/05 17:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/08/05 17:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/08/05 15:40:34 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{BF53B6B7-32C5-4C80-8A46-119A00218050} [2012/08/05 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A8F26326-87D4-482D-9A33-CF2973CB06FE} [2012/08/05 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DA5E432D-9A7D-4E1F-917D-C759764C9213} [2012/08/05 11:10:05 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{600970A0-5505-4D92-86EA-E67FFF715770} [2012/08/05 00:49:34 | 000,000,000 | ---D | C] -- C:\FRST [2012/08/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/08/04 21:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/04 21:15:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/04 20:29:02 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2} [2012/08/04 20:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97} [2012/08/04 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012/08/04 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\OpenOffice.org [2012/08/04 14:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com [2012/08/04 14:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/08/04 14:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder [2012/08/04 13:36:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868} [2012/08/04 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E} [2012/08/03 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F} [2012/08/03 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE} [2012/07/31 21:48:36 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586} [2012/07/31 21:48:23 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F} [2012/07/31 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E} [2012/07/31 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4} [2012/07/30 17:45:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE} [2012/07/30 17:45:42 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E} [2012/07/30 02:09:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/07/29 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Google [2012/07/29 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/07/29 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417} [2012/07/29 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846} [2012/07/29 22:00:27 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78} [2012/07/29 22:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83} [2012/07/29 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2012/07/29 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42} [2012/07/29 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA} [2012/07/25 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67} [2012/07/25 22:56:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044} [2012/07/25 10:51:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3} [2012/07/25 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A} [2012/07/24 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5} [2012/07/24 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D} [2012/07/24 10:56:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/07/24 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/07/24 01:39:32 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0} [2012/07/24 01:39:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23} [2012/07/23 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Diagnostics [2012/07/23 13:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\Blio [2012/07/23 13:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio [2012/07/23 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Blio [2012/07/23 13:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77} [2012/07/23 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920} [2012/07/22 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2} [2012/07/22 22:15:13 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25} [2012/07/21 18:54:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C} [2012/07/21 18:54:20 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2} [2012/07/19 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91} [2012/07/19 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F} [2012/07/18 16:38:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59} [2012/07/18 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B} [2012/07/17 23:00:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C} [2012/07/17 23:00:45 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834} [2012/07/16 19:26:37 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF} [2012/07/16 19:26:24 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0} [2012/07/16 01:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\CrashRpt [2012/07/16 01:40:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2012/07/16 00:59:02 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\Mikogo4 [2012/07/16 00:50:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Windows Live Writer [2012/07/16 00:50:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Windows Live Writer [2012/07/16 00:45:30 | 000,000,000 | ---D | C] -- C:\Users\Admin123\.freescreensharing [2012/07/16 00:45:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeScreenSharing [2012/07/16 00:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\FreeScreenSharing [2012/07/15 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149} [2012/07/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF} [2012/07/14 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA} [2012/07/14 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF} [2012/07/13 21:03:36 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D} [2012/07/13 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398} [2012/07/12 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320} [2012/07/12 11:52:42 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641} [2012/07/11 14:46:47 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD} [2012/07/11 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B} [2012/07/11 01:10:07 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C} [2012/07/11 01:09:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9} [2012/07/10 23:48:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/07/10 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Malwarebytes [2012/07/10 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/10 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\OC Profiles [2012/07/10 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Leadertech [2012/07/10 16:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet [2012/07/10 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet [2012/07/10 16:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON [2012/07/10 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Epson [2012/07/10 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\InstallShield [2012/07/10 16:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2012/07/10 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2012/07/10 16:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012/07/10 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012/07/10 16:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012/07/10 16:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012/07/10 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C} [2012/07/10 13:09:07 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0} [2012/07/09 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242} [2012/07/09 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38} [2012/07/08 03:26:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D} [2012/07/08 03:26:34 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B} ========== Files - Modified Within 30 Days ========== [2012/08/06 23:01:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 23:01:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 22:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/06 22:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/06 22:53:57 | 2801,983,488 | -HS- | M] () -- C:\hiberfil.sys [2012/08/06 22:39:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/06 22:39:56 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/06 22:39:56 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/06 21:12:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/06 21:00:25 | 103,125,647 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/08/05 22:35:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForADMIN123-HP$.job [2012/08/05 19:02:50 | 000,001,170 | ---- | M] () -- C:\Users\Admin123\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2012/08/05 19:02:50 | 000,001,146 | ---- | M] () -- C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk [2012/08/05 17:47:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/08/05 17:47:32 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm [2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/08/05 16:54:22 | 000,000,033 | ---- | M] () -- C:\Users\Admin123\AppData\Roaming\mbam.context.scan [2012/08/05 16:24:25 | 000,000,020 | ---- | M] () -- C:\Windows\ÈóF [2012/07/29 23:55:25 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/07/22 22:14:19 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdmin123.job [2012/07/12 11:51:33 | 000,441,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/10 16:31:33 | 000,000,060 | ---- | M] () -- C:\Windows\EPART810.ini [2012/07/10 13:07:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ========== Files Created - No Company Name ========== [2012/08/06 21:12:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/06 21:00:25 | 103,125,647 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/08/05 19:02:50 | 000,001,170 | ---- | C] () -- C:\Users\Admin123\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk [2012/08/05 19:02:50 | 000,001,146 | ---- | C] () -- C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk [2012/08/05 17:47:40 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm [2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2012/08/05 16:54:22 | 000,000,033 | ---- | C] () -- C:\Users\Admin123\AppData\Roaming\mbam.context.scan [2012/08/05 16:24:22 | 000,000,020 | ---- | C] () -- C:\Windows\ÈóF [2012/07/29 23:55:23 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/07/24 02:58:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/10 16:29:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012/07/10 16:29:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012/07/10 16:29:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012/07/10 16:29:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012/07/10 16:29:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012/07/10 16:29:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012/07/10 16:29:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012/07/10 16:29:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012/07/10 16:29:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012/07/10 16:29:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012/07/10 16:29:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012/07/10 16:29:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012/07/10 16:29:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012/07/10 16:29:58 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012/07/10 16:29:58 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012/07/10 16:29:58 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012/07/10 16:29:58 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg [2012/07/10 16:29:58 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg [2012/07/10 16:29:58 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg [2012/07/10 16:29:58 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg [2012/07/10 16:29:58 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg [2012/07/10 16:29:58 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg [2012/07/10 16:22:46 | 000,000,060 | ---- | C] () -- C:\Windows\EPART810.ini [2012/07/10 13:07:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/05/22 20:23:34 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/05/11 21:20:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/05/11 21:12:27 | 000,323,072 | R--- | C] () -- C:\Windows\SysWow64\WgaTray.exe [2012/05/11 21:12:27 | 000,190,976 | R--- | C] () -- C:\Windows\SysWow64\Wgalogon.dll [2012/02/17 14:09:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/09/15 18:24:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/09/06 16:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/03/18 05:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012/08/05 19:05:03 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\AVG [2012/08/05 17:48:11 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\AVG2012 [2012/07/23 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Blio [2012/07/30 00:02:27 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Epson [2012/07/10 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Leadertech [2012/07/04 01:32:32 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\ooVoo Details [2012/08/04 17:24:31 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\OpenOffice.org [2012/05/11 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Synaptics [2012/05/22 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\SYSTEMAX Software Development [2012/08/05 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\TeamViewer [2012/07/16 00:50:56 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Windows Live Writer [2009/07/14 01:08:49 | 000,027,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report >
  11. Ahh!! I didn't realize I got answered!!! Thank you very much! So sorry to spam up the forums!
  12. Hi there! I am pretty new to this whole malware fighting thing, so if anyone with great expertise and patience could help me, I would be most grateful! ;A; So, I've been hit by both a trojan.agent disguised as a svchost.exe, as well as a ZeroAccess rootkit. I may or may not still have a problem with a .PUP toolbar or something of that sort- it hasn't shown up lately. Anyway, while I scanned my computer with Malwarebytes Anti-Malware- BOTH QUICK AND FULL SCANS - it will say that it is not there anymore. The unnerving thing is, however, that a couple days ago, it's been showing up sporadically in the quick and full scans- though the quick scans didn't always pick it up. Does anyone know how to help me? T____T
  13. I think I've been hit by both a Trojan backdoor virus, as well as rootkits(?). I have Malwarebytes Anti-Malware try and get rid of them, and each time I do another scan, they appear again. I've done almost everything that the other threads involving these two problems. Here, I have included the DDS.txt, the Attached.txt, the RogueKiller log, and the Malwarebytes Anti-Malware Scan Results. DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Admin123 at 23:04:28 on 2012-08-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1424 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Tablet\Pen\Pen_TouchService.exe C:\Windows\system32\atieclxx.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\taskhost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Windows\system32\Dwm.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\Explorer.EXE C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\ooVoo\ooVoo.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIFRA.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\splwow64.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.deviantart.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized uRun: [FreeScreenSharing] "C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 71.242.0.12 TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B} : DhcpNameServer = 192.168.1.1 71.242.0.12 TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\9556C6C6F677D4F6F63756D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\C696E6B6379737F5750535F586167656 : DhcpNameServer = 75.75.75.75 75.75.76.76 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Admin123\AppData\Roaming\Mozilla\Firefox\Profiles\pbt687ag.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-17 2424424] R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-19 5790064] R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-19 487280] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?] R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-24 250056] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-08-05 04:49:34 -------- d-----w- C:\FRST 2012-08-05 02:36:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-05 02:28:35 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-05 01:21:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DF4DAD6-3021-4968-9462-8648F25D1B23}\offreg.dll 2012-08-05 01:16:11 98816 ----a-w- C:\Windows\sed.exe 2012-08-05 01:16:11 518144 ----a-w- C:\Windows\SWREG.exe 2012-08-05 01:16:11 256000 ----a-w- C:\Windows\PEV.exe 2012-08-05 01:16:11 208896 ----a-w- C:\Windows\MBR.exe 2012-08-05 00:32:06 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DF4DAD6-3021-4968-9462-8648F25D1B23}\mpengine.dll 2012-08-05 00:29:02 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2} 2012-08-05 00:28:49 -------- d-----w- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97} 2012-08-04 21:38:49 -------- d-----w- C:\Program Files\GIMP 2 2012-08-04 21:24:31 -------- d-----w- C:\Users\Admin123\AppData\Roaming\OpenOffice.org 2012-08-04 18:43:13 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com 2012-08-04 18:42:32 -------- d-----w- C:\ProgramData\Tarma Installer 2012-08-04 18:40:19 -------- d-----w- C:\ProgramData\WeCareReminder 2012-08-04 17:36:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868} 2012-08-04 17:36:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E} 2012-08-04 00:31:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F} 2012-08-04 00:31:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE} 2012-08-01 01:48:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586} 2012-08-01 01:48:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F} 2012-08-01 01:46:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E} 2012-08-01 01:45:57 -------- d-----w- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4} 2012-07-30 21:45:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE} 2012-07-30 21:45:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E} 2012-07-30 06:09:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-30 03:54:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-30 03:54:27 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-30 02:24:13 -------- d-----w- C:\Users\Admin123\AppData\Local\Google 2012-07-30 02:05:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417} 2012-07-30 02:05:31 -------- d-----w- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846} 2012-07-30 02:00:27 -------- d-----w- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78} 2012-07-30 02:00:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83} 2012-07-29 19:05:13 -------- d-----w- C:\Program Files (x86)\McAfee 2012-07-29 18:59:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42} 2012-07-29 18:59:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA} 2012-07-26 02:57:01 -------- d-----w- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67} 2012-07-26 02:56:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044} 2012-07-25 14:51:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3} 2012-07-25 14:51:43 -------- d-----w- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A} 2012-07-24 17:40:09 -------- d-----w- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5} 2012-07-24 17:39:59 -------- d-----w- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D} 2012-07-24 06:58:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-24 06:58:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-24 05:39:32 -------- d-----w- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0} 2012-07-24 05:39:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23} 2012-07-23 22:06:44 -------- d-----w- C:\Users\Admin123\AppData\Local\Diagnostics 2012-07-23 17:42:31 -------- d-----w- C:\ProgramData\Blio 2012-07-23 17:42:28 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Blio 2012-07-23 17:38:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77} 2012-07-23 17:38:38 -------- d-----w- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920} 2012-07-23 02:15:26 -------- d-----w- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2} 2012-07-23 02:15:13 -------- d-----w- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25} 2012-07-21 22:54:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C} 2012-07-21 22:54:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2} 2012-07-20 02:13:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91} 2012-07-20 02:13:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F} 2012-07-18 20:38:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59} 2012-07-18 20:38:04 -------- d-----w- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B} 2012-07-18 03:00:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C} 2012-07-18 03:00:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834} 2012-07-16 23:26:37 -------- d-----w- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF} 2012-07-16 23:26:24 -------- d-----w- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0} 2012-07-16 05:40:19 -------- d-----w- C:\Users\Admin123\AppData\Local\CrashRpt 2012-07-16 05:40:13 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin 2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Windows Live Writer 2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Local\Windows Live Writer 2012-07-16 04:45:30 -------- d-----w- C:\Users\Admin123\.freescreensharing 2012-07-16 04:45:15 -------- d-----w- C:\Users\Admin123\AppData\Local\FreeScreenSharing 2012-07-15 23:26:00 -------- d-----w- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149} 2012-07-15 23:25:48 -------- d-----w- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF} 2012-07-14 21:29:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA} 2012-07-14 21:29:08 -------- d-----w- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF} 2012-07-14 01:03:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D} 2012-07-14 01:03:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398} 2012-07-12 15:52:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320} 2012-07-12 15:52:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641} 2012-07-12 15:47:20 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-12 02:09:25 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-07-11 19:04:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 19:04:54 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 19:04:54 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 19:04:54 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 19:04:54 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 19:04:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 18:46:47 -------- d-----w- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD} 2012-07-11 18:46:30 -------- d-----w- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B} 2012-07-11 05:10:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C} 2012-07-11 05:09:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9} 2012-07-11 02:31:24 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Malwarebytes 2012-07-11 02:31:12 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-11 02:31:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-10 20:33:34 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-10 20:33:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-07-10 20:32:56 -------- d-----w- C:\Program Files (x86)\EpsonNet 2012-07-10 20:32:18 -------- d-----w- C:\Program Files\EpsonNet 2012-07-10 20:31:41 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON 2012-07-10 20:29:59 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll 2012-07-10 20:29:59 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll 2012-07-10 20:29:59 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll 2012-07-10 20:29:59 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll 2012-07-10 20:29:58 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll 2012-07-10 20:27:52 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe 2012-07-10 20:25:18 -------- d-----w- C:\Program Files (x86)\Epson Software 2012-07-10 20:24:43 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL 2012-07-10 20:24:40 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL 2012-07-10 20:24:23 -------- d-----w- C:\ProgramData\EPSON 2012-07-10 20:24:06 459776 ----a-w- C:\Windows\System32\esxwiaud.dll 2012-07-10 20:24:06 17408 ----a-w- C:\Windows\System32\esxcdev.dll 2012-07-10 20:24:06 128392 ----a-w- C:\Windows\System32\esdevapp.exe 2012-07-10 20:24:04 -------- d-----w- C:\Program Files (x86)\epson 2012-07-10 17:09:18 -------- d-----w- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C} 2012-07-10 17:09:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0} 2012-07-09 18:53:19 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242} 2012-07-09 18:53:06 -------- d-----w- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38} 2012-07-08 07:26:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D} 2012-07-08 07:26:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B} 2012-07-08 01:04:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{36A69F17-B550-4BE5-8B84-990B06DF9791} 2012-07-06 16:09:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{6478E291-5D3A-4707-BDCC-D566669C85BC} 2012-07-06 16:09:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{F1633444-E049-4A30-96CB-B53C1BB2C923} . ==================== Find3M ==================== . 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-19 17:06:35 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-05-19 17:06:35 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 23:06:17.37 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/11/2012 8:29:36 PM System Uptime: 8/4/2012 8:58:48 PM (3 hours ago) . Motherboard: Hewlett-Packard | | 169B Processor: AMD A4-3320M APU with Radeon HD Graphics | Socket FS1 | 2000/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 273 GiB total, 222.304 GiB free. D: is FIXED (NTFS) - 21 GiB total, 2.257 GiB free. E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP55: 7/29/2012 10:10:35 PM - Windows Update RP57: 7/29/2012 11:55:47 PM - Windows Modules Installer RP58: 7/29/2012 11:59:39 PM - Removed Livestream Procaster RP59: 7/30/2012 12:01:15 AM - Removed EPSON Scan Assistant RP60: 7/30/2012 12:01:35 AM - Removed Attach To Email RP61: 7/30/2012 12:01:56 AM - Removed Epson Event Manager RP62: 7/30/2012 12:23:01 AM - Removed Blio. RP63: 7/30/2012 12:25:17 AM - Removed Adobe Photoshop.com Inspiration Browser RP64: 8/3/2012 9:26:25 PM - Removed Java 6 Update 32 RP65: 8/4/2012 2:06:52 PM - Removed Adobe Photoshop Elements 8.0. RP66: 8/4/2012 5:13:28 PM - Removed InstallIQ Updater RP67: 8/4/2012 5:16:21 PM - Removed SavetheChildren Reminder by We-Care.com v4.1.17.4 RP68: 8/4/2012 8:31:30 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 Plugin Adobe Photoshop Elements 8.0 Adobe Photoshop.com Inspiration Browser Adobe Reader X (10.1.3) MUI Adobe Shockwave Player 11.6 AMD VISION Engine Control Center Bamboo Bejeweled 3 Blackhawk Striker 2 Blio Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Cradle of Rome 2 CyberLink YouCam D3DX10 Dora's World Adventure Epson FAX Utility Epson PC-FAX Driver EPSON Scan EpsonNet Setup ESU for Microsoft Windows 7 SP1 Evernote v. 4.2.3 Farm Frenzy Farmscapes FATE Final Drive Fury FreeScreenSharing Hewlett-Packard ACLM.NET v1.1.2.0 Hoyle Card Games HP Customer Experience Enhancements HP Documentation HP Games HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP QuickWeb HP Recovery Manager HP Setup HP Setup Manager HP Software Framework HP Support Assistant IDT Audio Java Auto Updater Java 6 Update 32 Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update K-Lite Codec Pack 7.0.0 (Standard) Letters from Nowhere 2 Luxor HD Mah Jong Medley Malwarebytes Anti-Malware version 1.62.0.1300 Mesh Runtime Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio Professional 2003 Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OGA Notifier 1.7.0105.14.0 ooVoo OpenOffice.org 3.3 opensource Penguins! Picasa 3 Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Realtek Ethernet Controller Driver Realtek PCIE Card Reader RollerCoaster Tycoon 3: Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Click to Call Skype™ 5.10 swMSM The Treasures of Mystery Island: The Ghost Ship Torchlight Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life WebTablet IE Plugin WebTablet Netscape Plugin WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 8/4/2012 9:31:57 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/4/2012 9:25:19 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 8/4/2012 9:15:22 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). 8/4/2012 9:00:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/4/2012 8:31:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 8/4/2012 8:27:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. 8/4/2012 8:21:51 PM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x45B. 8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/4/2012 8:06:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 8/4/2012 7:25:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/4/2012 7:25:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/4/2012 2:03:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808e539728, 0x0000000000000001, 0xfffffa8004b0e2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-43118-01. 7/30/2012 9:49:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service. 7/30/2012 3:00:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808c35f728, 0x0000000000000001, 0xfffffa80055472e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-37221-01. 7/30/2012 12:16:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808b354928, 0x0000000000000001, 0xfffffa80051f52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-57080-01. 7/30/2012 12:07:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808f8b7128, 0x0000000000000001, 0xfffffa80051d62e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-62369-01. 7/29/2012 9:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/29/2012 11:47:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808bcf9328, 0x0000000000000001, 0xfffffa80051c52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-41059-01. 7/29/2012 11:45:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808ecda630, 0x0000000000000001, 0xfffffa80059132e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-36941-01. 7/29/2012 11:30:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808ecbf328, 0x0000000000000001, 0xfffffa80052032e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-43867-01. 7/29/2012 10:03:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e617ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-80605-01. . ==== End Of File =========================== RogueKiller Log: RogueKiller V7.6.5 [08/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Admin123 [Admin rights] Mode: Scan -- Date: 08/04/2012 19:25:00 ¤¤¤ Bad processes: 3 ¤¤¤ [sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc] [sUSP PATH] FreeScreenSharing.exe -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 4 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : FreeScreenSharing ("C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> FOUND [sUSP PATH] HKUS\S-1-5-21-1641636118-1598163892-1382682310-1001[...]\Run : FreeScreenSharing ("C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\L --> FOUND [ZeroAccess][FILE] @ : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543232A7A384 SATA Disk Device +++++ --- User --- [MBR] cd1e5e7483284daf76c96c769a479412 [bSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279563 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 572954624 | Size: 21418 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 15253e84d3099f1e7c11d78750ef9d71 [bSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 25000 Mo Finished : << RKreport[1].txt >> RKreport[1].txt Malwarebytes Anti-Malware Scan Log: Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.04.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Admin123 :: ADMIN123-HP [administrator] Protection: Enabled 8/4/2012 7:04:02 PM mbam-log-2012-08-04 (19-04-02).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 329029 Time elapsed: 42 minute(s), 45 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 4588 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\179KQB38\openfreely_1296.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully. C:\Users\Admin123\Downloads\SoftonicDownloader_for_picasa.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully. C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Delete on reboot. C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\000000cb.@ (Rootkit.0Access) -> Delete on reboot. C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\80000032.@ (Rootkit.0Access) -> Delete on reboot. C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end)
  14. I don't know what happened, but I continue to remove the same infected items over and over again. I restart the computer after each time, but each time I do another full scan to make sure they're all gone, Malwarebytes still seems to find something.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.