
Trojan Backdoor and Rootkit Infection?

trojan backdoor rootkit

  • This topic is locked
24 replies to this topic

#1 WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female
Posted 04 August 2012 - 10:11 PM

I think I've been hit by both a Trojan backdoor virus, as well as rootkits(?). I have Malwarebytes Anti-Malware try to get rid of them, and each time I do another scan, they appear again. I've done almost everything suggested in the other threads involving these two problems.

Here, I have included the DDS.txt, the Attached.txt, the RogueKiller log, and the Malwarebytes Anti-Malware Scan Results.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Admin123 at 23:04:28 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1424 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFRA.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.deviantart.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [FreeScreenSharing] "C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B} : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\9556C6C6F677D4F6F63756D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\C696E6B6379737F5750535F586167656 : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin123\AppData\Roaming\Mozilla\Firefox\Profiles\pbt687ag.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-17 2424424]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-19 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-19 487280]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]
R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-24 250056]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-05 04:49:34 -------- d-----w- C:\FRST
2012-08-05 02:36:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-05 02:28:35 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-05 01:21:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DF4DAD6-3021-4968-9462-8648F25D1B23}\offreg.dll
2012-08-05 01:16:11 98816 ----a-w- C:\Windows\sed.exe
2012-08-05 01:16:11 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-05 01:16:11 256000 ----a-w- C:\Windows\PEV.exe
2012-08-05 01:16:11 208896 ----a-w- C:\Windows\MBR.exe
2012-08-05 00:32:06 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DF4DAD6-3021-4968-9462-8648F25D1B23}\mpengine.dll
2012-08-05 00:29:02 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2}
2012-08-05 00:28:49 -------- d-----w- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97}
2012-08-04 21:38:49 -------- d-----w- C:\Program Files\GIMP 2
2012-08-04 21:24:31 -------- d-----w- C:\Users\Admin123\AppData\Roaming\OpenOffice.org
2012-08-04 18:43:13 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-08-04 18:42:32 -------- d-----w- C:\ProgramData\Tarma Installer
2012-08-04 18:40:19 -------- d-----w- C:\ProgramData\WeCareReminder
2012-08-04 17:36:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868}
2012-08-04 17:36:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E}
2012-08-04 00:31:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F}
2012-08-04 00:31:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE}
2012-08-01 01:48:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586}
2012-08-01 01:48:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F}
2012-08-01 01:46:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E}
2012-08-01 01:45:57 -------- d-----w- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4}
2012-07-30 21:45:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE}
2012-07-30 21:45:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E}
2012-07-30 06:09:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-30 03:54:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-30 03:54:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-30 02:24:13 -------- d-----w- C:\Users\Admin123\AppData\Local\Google
2012-07-30 02:05:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417}
2012-07-30 02:05:31 -------- d-----w- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846}
2012-07-30 02:00:27 -------- d-----w- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78}
2012-07-30 02:00:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83}
2012-07-29 19:05:13 -------- d-----w- C:\Program Files (x86)\McAfee
2012-07-29 18:59:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42}
2012-07-29 18:59:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA}
2012-07-26 02:57:01 -------- d-----w- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67}
2012-07-26 02:56:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044}
2012-07-25 14:51:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3}
2012-07-25 14:51:43 -------- d-----w- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A}
2012-07-24 17:40:09 -------- d-----w- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5}
2012-07-24 17:39:59 -------- d-----w- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D}
2012-07-24 06:58:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 06:58:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-24 05:39:32 -------- d-----w- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0}
2012-07-24 05:39:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23}
2012-07-23 22:06:44 -------- d-----w- C:\Users\Admin123\AppData\Local\Diagnostics
2012-07-23 17:42:31 -------- d-----w- C:\ProgramData\Blio
2012-07-23 17:42:28 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Blio
2012-07-23 17:38:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77}
2012-07-23 17:38:38 -------- d-----w- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920}
2012-07-23 02:15:26 -------- d-----w- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2}
2012-07-23 02:15:13 -------- d-----w- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25}
2012-07-21 22:54:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C}
2012-07-21 22:54:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2}
2012-07-20 02:13:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91}
2012-07-20 02:13:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F}
2012-07-18 20:38:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59}
2012-07-18 20:38:04 -------- d-----w- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B}
2012-07-18 03:00:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C}
2012-07-18 03:00:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834}
2012-07-16 23:26:37 -------- d-----w- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF}
2012-07-16 23:26:24 -------- d-----w- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0}
2012-07-16 05:40:19 -------- d-----w- C:\Users\Admin123\AppData\Local\CrashRpt
2012-07-16 05:40:13 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Windows Live Writer
2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Local\Windows Live Writer
2012-07-16 04:45:30 -------- d-----w- C:\Users\Admin123\.freescreensharing
2012-07-16 04:45:15 -------- d-----w- C:\Users\Admin123\AppData\Local\FreeScreenSharing
2012-07-15 23:26:00 -------- d-----w- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149}
2012-07-15 23:25:48 -------- d-----w- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF}
2012-07-14 21:29:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA}
2012-07-14 21:29:08 -------- d-----w- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF}
2012-07-14 01:03:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D}
2012-07-14 01:03:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398}
2012-07-12 15:52:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320}
2012-07-12 15:52:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641}
2012-07-12 15:47:20 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 02:09:25 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-11 19:04:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 19:04:54 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 19:04:54 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 19:04:54 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 19:04:54 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 19:04:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 18:46:47 -------- d-----w- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD}
2012-07-11 18:46:30 -------- d-----w- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B}
2012-07-11 05:10:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C}
2012-07-11 05:09:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9}
2012-07-11 02:31:24 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Malwarebytes
2012-07-11 02:31:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 02:31:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 20:33:34 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-10 20:33:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-10 20:32:56 -------- d-----w- C:\Program Files (x86)\EpsonNet
2012-07-10 20:32:18 -------- d-----w- C:\Program Files\EpsonNet
2012-07-10 20:31:41 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2012-07-10 20:29:59 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-07-10 20:29:59 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-07-10 20:29:59 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-07-10 20:29:59 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-07-10 20:29:58 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2012-07-10 20:27:52 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-07-10 20:25:18 -------- d-----w- C:\Program Files (x86)\Epson Software
2012-07-10 20:24:43 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL
2012-07-10 20:24:40 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL
2012-07-10 20:24:23 -------- d-----w- C:\ProgramData\EPSON
2012-07-10 20:24:06 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
2012-07-10 20:24:06 17408 ----a-w- C:\Windows\System32\esxcdev.dll
2012-07-10 20:24:06 128392 ----a-w- C:\Windows\System32\esdevapp.exe
2012-07-10 20:24:04 -------- d-----w- C:\Program Files (x86)\epson
2012-07-10 17:09:18 -------- d-----w- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C}
2012-07-10 17:09:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0}
2012-07-09 18:53:19 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242}
2012-07-09 18:53:06 -------- d-----w- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38}
2012-07-08 07:26:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D}
2012-07-08 07:26:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B}
2012-07-08 01:04:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{36A69F17-B550-4BE5-8B84-990B06DF9791}
2012-07-06 16:09:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{6478E291-5D3A-4707-BDCC-D566669C85BC}
2012-07-06 16:09:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{F1633444-E049-4A30-96CB-B53C1BB2C923}
.
==================== Find3M ====================
.
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-19 17:06:35 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-19 17:06:35 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:06:17.37 ===============

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2012 8:29:36 PM
System Uptime: 8/4/2012 8:58:48 PM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 169B
Processor: AMD A4-3320M APU with Radeon™ HD Graphics | Socket FS1 | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 273 GiB total, 222.304 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.257 GiB free.
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP55: 7/29/2012 10:10:35 PM - Windows Update
RP57: 7/29/2012 11:55:47 PM - Windows Modules Installer
RP58: 7/29/2012 11:59:39 PM - Removed Livestream Procaster
RP59: 7/30/2012 12:01:15 AM - Removed EPSON Scan Assistant
RP60: 7/30/2012 12:01:35 AM - Removed Attach To Email
RP61: 7/30/2012 12:01:56 AM - Removed Epson Event Manager
RP62: 7/30/2012 12:23:01 AM - Removed Blio.
RP63: 7/30/2012 12:25:17 AM - Removed Adobe Photoshop.com Inspiration Browser
RP64: 8/3/2012 9:26:25 PM - Removed Java™ 6 Update 32
RP65: 8/4/2012 2:06:52 PM - Removed Adobe Photoshop Elements 8.0.
RP66: 8/4/2012 5:13:28 PM - Removed InstallIQ Updater
RP67: 8/4/2012 5:16:21 PM - Removed SavetheChildren Reminder by We-Care.com v4.1.17.4
RP68: 8/4/2012 8:31:30 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
AMD VISION Engine Control Center
Bamboo
Bejeweled 3
Blackhawk Striker 2
Blio
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cradle of Rome 2
CyberLink YouCam
D3DX10
Dora's World Adventure
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Setup
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
FreeScreenSharing
Hewlett-Packard ACLM.NET v1.1.2.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Java Auto Updater
Java™ 6 Update 32
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 1.7.0105.14.0
ooVoo
OpenOffice.org 3.3
opensource
Penguins!
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
swMSM
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WebTablet IE Plugin
WebTablet Netscape Plugin
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/4/2012 9:31:57 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/4/2012 9:25:19 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/4/2012 9:15:22 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/4/2012 9:00:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/4/2012 8:31:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/4/2012 8:27:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
8/4/2012 8:21:51 PM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x45B.
8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/4/2012 8:06:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/4/2012 7:25:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/4/2012 7:25:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/4/2012 2:03:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808e539728, 0x0000000000000001, 0xfffffa8004b0e2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-43118-01.
7/30/2012 9:49:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
7/30/2012 3:00:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808c35f728, 0x0000000000000001, 0xfffffa80055472e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-37221-01.
7/30/2012 12:16:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808b354928, 0x0000000000000001, 0xfffffa80051f52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-57080-01.
7/30/2012 12:07:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808f8b7128, 0x0000000000000001, 0xfffffa80051d62e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-62369-01.
7/29/2012 9:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/29/2012 11:47:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808bcf9328, 0x0000000000000001, 0xfffffa80051c52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-41059-01.
7/29/2012 11:45:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808ecda630, 0x0000000000000001, 0xfffffa80059132e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-36941-01.
7/29/2012 11:30:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808ecbf328, 0x0000000000000001, 0xfffffa80052032e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-43867-01.
7/29/2012 10:03:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e617ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-80605-01.
.
==== End Of File ===========================
RogueKiller Log:
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Admin123 [Admin rights]
Mode: Scan -- Date: 08/04/2012 19:25:00

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
[SUSP PATH] FreeScreenSharing.exe -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : FreeScreenSharing ("C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1641636118-1598163892-1382682310-1001[...]\Run : FreeScreenSharing ("C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232A7A384 SATA Disk Device +++++
--- User ---
[MBR] cd1e5e7483284daf76c96c769a479412
[BSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279563 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 572954624 | Size: 21418 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 15253e84d3099f1e7c11d78750ef9d71
[BSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 25000 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
Malwarebytes Anti-Malware Scan Log:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin123 :: ADMIN123-HP [administrator]

Protection: Enabled

8/4/2012 7:04:02 PM
mbam-log-2012-08-04 (19-04-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329029
Time elapsed: 42 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4588 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\179KQB38\openfreely_1296.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Admin123\Downloads\SoftonicDownloader_for_picasa.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Delete on reboot.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\000000cb.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\80000032.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.


(end)

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 August 2012 - 05:59 AM

Hello WizCalifa! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 06 August 2012 - 10:26 PM

Sorry! I didn't realize this had been answered! Thank you so much for taking your time out to help me! :)

OTL logfile created on: 8/6/2012 11:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin123\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 62.54% Memory free
6.96 Gb Paging File | 5.20 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.01 Gb Total Space | 223.92 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
Drive D: | 20.92 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive G: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: ADMIN123-HP | User Name: Admin123 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 23:14:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin123\Downloads\OTL.exe
PRC - [2012/08/05 17:47:30 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/08/05 17:47:28 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/22 05:57:16 | 002,204,488 | ---- | M] () -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/10/07 22:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/05 17:47:31 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/08/05 17:47:28 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/19 00:53:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/19 00:52:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/19 13:16:05 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/11/22 05:57:16 | 002,204,488 | ---- | M] () -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 15:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/09/16 06:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/15 18:15:44 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/26 17:42:16 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/10/26 17:42:16 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/05 17:47:30 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/08/05 16:02:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 02:44:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/19 13:39:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/29 14:02:22 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/05 17:47:32 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/17 14:02:12 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/25 23:53:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/25 23:53:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/20 21:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 21:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/20 21:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 21:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 21:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 21:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 21:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/09/16 06:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/16 05:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/29 14:02:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/18 08:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/06/17 07:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/17 07:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/11 15:19:36 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/11 15:19:28 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/11 15:19:26 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/07/01 12:04:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 21:00:58 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.co...s={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes,DefaultScope = {59CE12E8-1C40-40BC-805C-F4F21E604F78}
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{59CE12E8-1C40-40BC-805C-F4F21E604F78}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-08-05 17:47:34&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....21,17118,0,18,0
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.deviantart....com/messages/"
FF - prefs.js..keyword.URL: "https://isearch.avg....7:34&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/05 17:45:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/05 17:47:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 20:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 20:22:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/26 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin123\AppData\Roaming\mozilla\Extensions
[2012/08/05 15:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin123\AppData\Roaming\mozilla\Firefox\Profiles\pbt687ag.default\extensions
[2012/08/05 00:18:53 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Admin123\AppData\Roaming\mozilla\Firefox\Profiles\pbt687ag.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/06/21 14:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/24 02:49:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/05 17:47:38 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.1.0.21
[2012/08/05 15:47:06 | 000,004,854 | ---- | M] () (No name found) -- C:\USERS\ADMIN123\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBT687AG.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI
[2012/07/20 02:44:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/05 17:47:28 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/29 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/29 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [EPSON011DA5] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S4A29.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [FreeScreenSharing] C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe ()
O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c75077ed-9c03-11e1-9498-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c75077ed-9c03-11e1-9498-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 21:12:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 21:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/05 21:43:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/05 21:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/08/05 21:20:28 | 000,000,000 | ---D | C] -- C:\Users\Admin123\temp
[2012/08/05 21:20:27 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\TeamViewer
[2012/08/05 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\AVG
[2012/08/05 19:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/05 17:48:11 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\AVG2012
[2012/08/05 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\AVG Secure Search
[2012/08/05 17:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/05 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/05 17:47:32 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/05 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/05 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/05 17:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/05 17:44:43 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/05 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/05 17:44:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/08/05 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/05 17:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/05 17:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/05 15:40:34 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{BF53B6B7-32C5-4C80-8A46-119A00218050}
[2012/08/05 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A8F26326-87D4-482D-9A33-CF2973CB06FE}
[2012/08/05 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DA5E432D-9A7D-4E1F-917D-C759764C9213}
[2012/08/05 11:10:05 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{600970A0-5505-4D92-86EA-E67FFF715770}
[2012/08/05 00:49:34 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 21:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 21:15:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 20:29:02 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2}
[2012/08/04 20:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97}
[2012/08/04 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/08/04 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\OpenOffice.org
[2012/08/04 14:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/04 14:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/04 14:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/04 13:36:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868}
[2012/08/04 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E}
[2012/08/03 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F}
[2012/08/03 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE}
[2012/07/31 21:48:36 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586}
[2012/07/31 21:48:23 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F}
[2012/07/31 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E}
[2012/07/31 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4}
[2012/07/30 17:45:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE}
[2012/07/30 17:45:42 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E}
[2012/07/30 02:09:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/29 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Google
[2012/07/29 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/29 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417}
[2012/07/29 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846}
[2012/07/29 22:00:27 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78}
[2012/07/29 22:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83}
[2012/07/29 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/07/29 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42}
[2012/07/29 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA}
[2012/07/25 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67}
[2012/07/25 22:56:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044}
[2012/07/25 10:51:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3}
[2012/07/25 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A}
[2012/07/24 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5}
[2012/07/24 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D}
[2012/07/24 10:56:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/24 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/24 01:39:32 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0}
[2012/07/24 01:39:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23}
[2012/07/23 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Diagnostics
[2012/07/23 13:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\Blio
[2012/07/23 13:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio
[2012/07/23 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Blio
[2012/07/23 13:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77}
[2012/07/23 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920}
[2012/07/22 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2}
[2012/07/22 22:15:13 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25}
[2012/07/21 18:54:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C}
[2012/07/21 18:54:20 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2}
[2012/07/19 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91}
[2012/07/19 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F}
[2012/07/18 16:38:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59}
[2012/07/18 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B}
[2012/07/17 23:00:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C}
[2012/07/17 23:00:45 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834}
[2012/07/16 19:26:37 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF}
[2012/07/16 19:26:24 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0}
[2012/07/16 01:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\CrashRpt
[2012/07/16 01:40:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/07/16 00:59:02 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\Mikogo4
[2012/07/16 00:50:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Windows Live Writer
[2012/07/16 00:50:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Windows Live Writer
[2012/07/16 00:45:30 | 000,000,000 | ---D | C] -- C:\Users\Admin123\.freescreensharing
[2012/07/16 00:45:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeScreenSharing
[2012/07/16 00:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\FreeScreenSharing
[2012/07/15 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149}
[2012/07/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF}
[2012/07/14 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA}
[2012/07/14 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF}
[2012/07/13 21:03:36 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D}
[2012/07/13 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398}
[2012/07/12 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320}
[2012/07/12 11:52:42 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641}
[2012/07/11 14:46:47 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD}
[2012/07/11 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B}
[2012/07/11 01:10:07 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C}
[2012/07/11 01:09:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9}
[2012/07/10 23:48:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/10 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Malwarebytes
[2012/07/10 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/10 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\OC Profiles
[2012/07/10 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Leadertech
[2012/07/10 16:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2012/07/10 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012/07/10 16:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2012/07/10 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Epson
[2012/07/10 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\InstallShield
[2012/07/10 16:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/07/10 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/07/10 16:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/07/10 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/07/10 16:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/07/10 16:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/07/10 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C}
[2012/07/10 13:09:07 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0}
[2012/07/09 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242}
[2012/07/09 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38}
[2012/07/08 03:26:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D}
[2012/07/08 03:26:34 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B}

========== Files - Modified Within 30 Days ==========

[2012/08/06 23:01:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 23:01:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 22:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 22:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 22:53:57 | 2801,983,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 22:39:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 22:39:56 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 22:39:56 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/06 21:12:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 21:00:25 | 103,125,647 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/05 22:35:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForADMIN123-HP$.job
[2012/08/05 19:02:50 | 000,001,170 | ---- | M] () -- C:\Users\Admin123\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/08/05 19:02:50 | 000,001,146 | ---- | M] () -- C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk
[2012/08/05 17:47:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/05 17:47:32 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/05 16:54:22 | 000,000,033 | ---- | M] () -- C:\Users\Admin123\AppData\Roaming\mbam.context.scan
[2012/08/05 16:24:25 | 000,000,020 | ---- | M] () -- C:\Windows\ÈóF
[2012/07/29 23:55:25 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/22 22:14:19 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdmin123.job
[2012/07/12 11:51:33 | 000,441,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 16:31:33 | 000,000,060 | ---- | M] () -- C:\Windows\EPART810.ini
[2012/07/10 13:07:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/08/06 21:12:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 21:00:25 | 103,125,647 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/05 19:02:50 | 000,001,170 | ---- | C] () -- C:\Users\Admin123\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/08/05 19:02:50 | 000,001,146 | ---- | C] () -- C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk
[2012/08/05 17:47:40 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/05 16:54:22 | 000,000,033 | ---- | C] () -- C:\Users\Admin123\AppData\Roaming\mbam.context.scan
[2012/08/05 16:24:22 | 000,000,020 | ---- | C] () -- C:\Windows\ÈóF
[2012/07/29 23:55:23 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/24 02:58:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/10 16:29:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/07/10 16:29:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/07/10 16:29:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/07/10 16:29:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/07/10 16:29:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/07/10 16:29:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/07/10 16:29:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/07/10 16:29:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/07/10 16:29:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/07/10 16:29:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/07/10 16:29:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/07/10 16:29:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/07/10 16:29:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/07/10 16:29:58 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/07/10 16:29:58 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/07/10 16:29:58 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/07/10 16:29:58 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012/07/10 16:29:58 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012/07/10 16:29:58 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012/07/10 16:29:58 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012/07/10 16:29:58 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012/07/10 16:29:58 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012/07/10 16:22:46 | 000,000,060 | ---- | C] () -- C:\Windows\EPART810.ini
[2012/07/10 13:07:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/22 20:23:34 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/11 21:20:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/05/11 21:12:27 | 000,323,072 | R--- | C] () -- C:\Windows\SysWow64\WgaTray.exe
[2012/05/11 21:12:27 | 000,190,976 | R--- | C] () -- C:\Windows\SysWow64\Wgalogon.dll
[2012/02/17 14:09:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/15 18:24:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/06 16:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/18 05:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/08/05 19:05:03 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\AVG
[2012/08/05 17:48:11 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\AVG2012
[2012/07/23 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Blio
[2012/07/30 00:02:27 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Epson
[2012/07/10 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Leadertech
[2012/07/04 01:32:32 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\ooVoo Details
[2012/08/04 17:24:31 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\OpenOffice.org
[2012/05/11 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Synaptics
[2012/05/22 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\SYSTEMAX Software Development
[2012/08/05 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\TeamViewer
[2012/07/16 00:50:56 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:49 | 000,027,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

#4 WizCalifa (New Member, 15 posts)

Posted 06 August 2012 - 10:26 PM

OTL Extras logfile created on: 8/6/2012 11:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin123\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 62.54% Memory free
6.96 Gb Paging File | 5.20 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.01 Gb Total Space | 223.92 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
Drive D: | 20.92 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive G: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: ADMIN123-HP | User Name: Admin123 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0CE1BA-BEB3-4E85-85ED-6D4F9BF32B2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EB07E7D-60CB-446E-8AB7-899A637CC2B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{198D9BC0-A3F0-4692-A621-C14847A16573}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1C78BEC7-9368-4022-B27A-30938A771B14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22E1DF5E-CA63-4F8B-BDBE-D2782C857243}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26FA7734-5686-47E6-91F0-F2DC92682DA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3675E7A7-7F52-4EAE-B5A5-924658936BF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45F058EA-6162-40B5-9F2F-124FD7B304A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A1D94BE-3BE1-4D77-95CC-9DDEC26432B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B87D70A-8871-4F39-A2C8-BB72DB7CE27C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CF6F1A2-F345-4B49-A8A8-B76254005F94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E79B05F-E929-4170-B718-F3EFE1C85063}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81E52199-7D8D-4E96-AC29-644D664933DC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84E6E768-B193-4217-B169-C17E07503583}" = rport=445 | protocol=6 | dir=out | app=system |
"{8FDD0241-963C-4D0D-AE8F-10A2664ADF5A}" = lport=138 | protocol=17 | dir=in | app=system |
"{A5B90602-153A-41A8-AA3F-363925F9BCF9}" = rport=137 | protocol=17 | dir=out | app=system |
"{A97DE926-824E-4D56-83C5-13EBFD9C7019}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B8B9BB92-B3E5-4150-991F-D5AC89A6B88F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0832662-82FB-4AA0-A13A-DD2509D16D95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C2428932-7AB9-4557-8179-A087EF7ECDC9}" = rport=139 | protocol=6 | dir=out | app=system |
"{DF83751D-AE45-426E-8396-97DC3CF49E8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3893CCF-9D00-451E-B2A5-B0964A7D5870}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0382F01-6C6C-4FD5-BE68-A3DB56C164D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9D777D4-2E96-417C-BC04-2A9A0F7F5850}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05FA3F96-530B-40D2-8C32-9D4A40966473}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11A97F36-3D22-409D-A7D4-2A9E7F054C8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1254CEA3-EABE-459C-88ED-089B05D815CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{13EF10E2-A4C1-4B7B-B948-27A2169C8CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{186B8448-07D7-4D3B-A616-6370D1224983}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23E093F0-A714-460A-95F8-1DB07B0B559C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{27B3DA0D-82B4-45B3-A163-2E03BF88D811}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B5655B3-3B00-4447-84A1-FC7CD9E4C3F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2D866127-887F-4F42-AB34-A85CD8C18C67}" = protocol=6 | dir=out | app=system |
"{337803FC-897B-4AB8-B984-94C053EBB3ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4060DBCB-E6CC-4634-AEF6-F81815C363E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46D3F34C-F03C-4A61-9BC0-3BD3C880CD12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49D8C27E-847E-438A-9DDE-75FF871DBF2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{4A3FC3BF-C746-42AF-9AB9-F03988505FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{51DF0774-7139-4282-80F2-0C3D2C10D6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{55C195A6-3F30-4F48-808D-FEF25FCDDA84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6E84CD72-9814-4CDD-B584-B510B84B5729}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EA9894E-659B-46E5-B157-0C42057BDB17}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{810E3C31-6A2C-4873-B93F-54152FD8DEEE}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{82AC7309-652D-4953-9358-4264BEF5CC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A31E0BDC-8B62-4FEA-998A-99E325EEACE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A799F3CB-A53F-4795-BDAD-8C2ED65CD14D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B1813968-63F4-4718-B64E-CA4F123DE895}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{B37525C4-774F-4EB0-B9F0-8C1EBA12076F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B89DB853-F5D6-412F-8803-57DB9651206E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BAF6764A-FCE5-4400-9419-6AD6B9E2728B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD4391DB-714A-4033-B45A-50CC168B4F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{C4363880-BBE2-4CA0-9B30-726A201EE93F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFAB7987-2722-4EAA-BA1B-369D63C8E71C}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{D23D9760-3853-4552-A6F5-DF58C321B259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E265F2F4-5AF8-4DB6-BF37-BB9BC742B284}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{E2C0CC1E-D28C-4B53-8F3C-1A068BEB12D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{EA71F19F-67A5-44A8-B776-5CBEB40B8A0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6D9038E-2EDC-450E-83F8-95A2F733BC72}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"TCP Query User{6A5CD1FA-385F-4C6F-9776-451683C5F3F5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{9F0D4767-DCD2-4F0B-AF2B-FBB492F311DC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{95446DD7-2428-4F0E-8E7E-463E3F520E07}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{E8EC780B-5EE3-4D59-962A-56D07669B397}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006716FE-DAB7-8EA8-99B6-04EB354AC3A8}" = AMD Media Foundation Decoders
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{288591DE-4151-4E8E-A698-C6EFF5DF00F9}" = HP Security Assistant
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9795DCDC-45CB-8A98-4F01-8C4B37361BF5}" = AMD Fuel
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A21EA495-2B09-7E39-8C55-310D6DC7DB4C}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF780466-D74B-C6E7-7E61-0C4DCA614455}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pen Tablet Driver" = Bamboo
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A62CCD-4953-88D6-104D-37C20CCA8140}" = CCC Help Greek
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AD538F8-AE22-4448-71C5-2A321D3953A3}" = CCC Help Chinese Standard
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{169FDBFF-6FA1-2A14-F5F0-EEA7C27C4AFE}" = AMD VISION Engine Control Center
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AD2BBC8-8233-F193-6915-AEB19299EF69}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{35E81526-8A3E-FF8C-6E43-EBA7D40904CA}" = CCC Help Finnish
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579BD527-0EED-20A8-B9F4-0244FBABB085}" = CCC Help German
"{600DFD49-D7C2-9DE4-4EEA-337083E72B1F}" = CCC Help Russian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6DE8EE45-09DE-3288-4635-DCFA87765D84}" = CCC Help Portuguese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F89F8EB-16A2-E21F-A34C-CF6AB53EA7E1}" = CCC Help Hungarian
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{79A21AE8-0BF2-955D-7AC3-2AFD9430C199}" = CCC Help Czech
"{7B67B74C-6942-9F20-C05A-2870D600A6EB}" = CCC Help Italian
"{8279D3BD-3A54-A6F6-E8BE-C12FADDC1064}" = CCC Help Polish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B4F2108-7395-4951-A7BE-86DA108A001C}" = OGA Notifier 1.7.0105.14.0
"{8D78F24E-3AA8-9D2A-3B28-CA240439B802}" = CCC Help Swedish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F4532D6-62F3-4B5B-AA47-979CFC7510F5}" = CCC Help Chinese Traditional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7A7B78C-3EEE-5783-E2FB-218E4B40198E}" = CCC Help Spanish
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B0E3A46B-0629-BD31-EC2B-4C96DCF7F7BB}" = Catalyst Control Center Localization All
"{B41441A0-A65C-CABF-4D1B-B1588E316F7D}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B894D068-A07A-96C8-A6CB-87C5EDB97C8E}" = Catalyst Control Center Graphics Previews Common
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BDD74598-1133-68FA-CD69-6FD442759CD4}" = CCC Help Thai
"{BEA1CE9A-93E0-E131-13DF-76441B6783E6}" = Catalyst Control Center InstallProxy
"{C0E6C680-7B1D-0EE9-0D6C-AF28765FB885}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C7D23135-04B6-1A0C-E835-42AADD00EA1F}" = CCC Help Japanese
"{CA41C92C-BEA4-5C7B-6DDE-48C7E996FE72}" = CCC Help Norwegian
"{CB841B9A-4049-E21F-1E62-49AC742C1B81}" = CCC Help English
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{E12C4983-DA0E-7AFD-04E5-592EC5DF1974}" = CCC Help French
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F500B5DC-CCCE-CC7F-B1D1-39139AE57676}" = CCC Help Danish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pen Tablet Driver" = Bamboo
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = HP Games
"WTA-03eaf8a3-d4e4-4e74-81fa-9a750638440f" = Hoyle Card Games
"WTA-05baa083-98fc-4295-b0d6-ebbfde2cbaae" = Polar Bowler
"WTA-0e2af03a-115c-43b8-92cf-2e9894b75a09" = Final Drive Fury
"WTA-1013007a-e2ae-4478-a7ba-fcb5ef229d1d" = Blackhawk Striker 2
"WTA-21411c76-2cba-40b4-9f51-4d86a472e884" = Virtual Villagers 4 - The Tree of Life
"WTA-279cf681-1067-4bbb-94b5-f1157720c963" = FATE
"WTA-2f933c63-a5b8-4438-ba29-3b2167ffb329" = Letters from Nowhere 2
"WTA-38ca30e4-5ef4-48ec-b6c0-eac39d7622b2" = John Deere Drive Green
"WTA-4bd98dfa-b4b2-4568-b754-fd6fbebb6c77" = Plants vs. Zombies - Game of the Year
"WTA-596c1d88-c119-4aac-ac47-824dd7bd0092" = RollerCoaster Tycoon 3: Platinum
"WTA-7422e5c8-c1ba-4b5f-8d80-e66d5379244d" = Penguins!
"WTA-78d9a8fa-7918-4b63-b3df-c50fa13e91ad" = Luxor HD
"WTA-7be5810c-ea5e-4369-bb44-222ca40b37ca" = Bejeweled 3
"WTA-864f03ed-f2c1-4145-8110-d2725c4d5d3b" = Jewel Match 3
"WTA-89b4debd-166b-437d-bd18-2d6141046e35" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-93ff1273-e0b2-48f8-b5b5-5df7ee75ec68" = Cradle of Rome 2
"WTA-9493dec6-a9ec-4c16-82aa-6bc1cb0b678c" = Torchlight
"WTA-a440874a-34ea-40fe-9af4-c9cdd81dea06" = Farm Frenzy
"WTA-b1d68def-d5bd-4f0b-9690-ead73acb9a11" = Dora's World Adventure
"WTA-b24b387f-0989-4b82-99bc-c30584401ee7" = Zuma's Revenge
"WTA-c1968821-c8ac-4459-812b-75906d5c143e" = Polar Golfer
"WTA-c2714556-d482-4680-bd2b-d17b8abe75ce" = Chuzzle Deluxe
"WTA-cdcdfb51-ac34-4f64-9069-95c4d07b8738" = Farmscapes
"WTA-e2531fc0-9b5d-42e4-ad84-b227f6e379da" = Mah Jong Medley
"WTA-f6945d06-5c82-4266-8a9f-b1a296130bdd" = The Treasures of Mystery Island: The Ghost Ship
"WTA-ff3a66bc-e702-4df5-87d2-62dbd4791335" = Poker Superstars III

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FreeScreenSharing" = FreeScreenSharing

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2012 12:23:07 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Network Security WFP Driver. System Error: The system cannot find
the file specified. .

Error - 7/30/2012 12:25:18 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Iron Driver. System Error: The system cannot find the file specified.
.

Error - 7/30/2012 12:25:18 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Network Security WFP Driver. System Error: The system cannot find
the file specified. .

Error - 7/30/2012 1:45:28 AM | Computer Name = Admin123-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time
stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process
id: 0x126c Faulting application start time: 0x01cd6e0a30357c5d Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: c3c6c7fe-da09-11e1-8e83-e4d53dfedfe8

Error - 7/30/2012 2:53:05 AM | Computer Name = Admin123-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time
stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process
id: 0xaa0 Faulting application start time: 0x01cd6e16d6fc5757 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 3659e46c-da13-11e1-8e83-e4d53dfedfe8

Error - 7/30/2012 3:00:13 AM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/30/2012 5:44:45 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/30/2012 6:10:36 PM | Computer Name = Admin123-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/31/2012 9:43:41 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2012 9:47:14 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 6/15/2012 1:30:53 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/15/2012 1:32:51 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/15/2012 1:33:04 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/15/2012 1:43:16 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 10/26/2011 12:38:23 AM | Computer Name = 960EC8351I5AL | Source = CaslWmi | ID = 5
Description = 2011/10/25 21:38:23.032|00000BB0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 10/26/2011 12:38:25 AM | Computer Name = 960EC8351I5AL | Source = CaslWmi | ID = 5
Description = 2011/10/25 21:38:25.248|00000BB0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/11/2012 8:31:49 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 20:31:49.128|00000ECC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/11/2012 8:31:50 PM | Computer Name = Admin123-HP | Source = CaslSmBios | ID = 5
Description = 2012/05/11 20:31:50.174|00000ECC|Error |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
attempting to parse year 2000, month 0, day 0: Year, Month, and Day parameters
describe an un-representable DateTime.

Error - 5/11/2012 8:31:56 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 20:31:56.324|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/11/2012 9:12:39 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/11 21:12:39.596|000003FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 1:14:23 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/19 13:14:23.232|000016E0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 1:17:17 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/19 13:17:17.072|00001A64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 1:17:30 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/19 13:17:30.116|000014A0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/20/2012 2:22:07 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5
Description = 2012/05/20 14:22:07.827|00001AF0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 8/4/2012 9:15:22 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/4/2012 9:21:05 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/4/2012 9:25:19 PM | Computer Name = Admin123-HP | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/4/2012 9:31:57 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/4/2012 11:17:48 PM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016
Description =

Error - 8/5/2012 12:11:24 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016
Description =

Error - 8/5/2012 1:32:16 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016
Description =

Error - 8/5/2012 1:36:33 AM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 8/5/2012 10:59:27 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016
Description =

Error - 8/5/2012 3:40:25 PM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016
Description =


< End of report >

#5 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 07 August 2012 - 05:14 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    
    :files
    C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
    c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}
    c:\windows\assembly\gac_32\desktop.ini
    c:\windows\assembly\gac_64\desktop.ini
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#6 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 07 August 2012 - 02:37 PM

All processes killed
Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...=dis&o=HPNTDFIE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...top.iniipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_153332
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

#7 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 08 August 2012 - 06:11 AM

Your script was not activated, because every entry should be on a new line. Like this:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

:files
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\windows\assembly\gac_32\desktop.ini
c:\windows\assembly\gac_64\desktop.ini
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

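The rule stated in the reply above (one directive per line, with each section header such as `:OTL`, `:files` or `:Commands` alone on its own line) can be checked before a script is pasted into the Custom Scans/Fixes box. The validator below is an added example written for this page; it is not OTL's own code and not something posted in the thread. The allow-list of section names is just the three sections used here (OTL supports others), and stripping leading whitespace from bullet-indented lines is an assumption about what OTL tolerates. The "good" sample is the script from the reply above; the "collapsed" sample is constructed to look like the single-line paste that produced the "Unable to interpret" error.

```python
"""Sanity-check an OTL fix script for the one-directive-per-line shape OTL expects.

Added example, not OTL's own code. A script whose line breaks were lost in
copy/paste is read as one long directive, which is the
"Unable to interpret <...> in the current context" failure seen in this thread.
"""
from __future__ import annotations

import re

# Sections this script is allowed to contain (the three used in the thread;
# OTL itself supports more, so extend the tuple as needed).
ALLOWED_SECTIONS = ("otl", "files", "commands")
HEADER_RE = re.compile(r"^:([A-Za-z]+)$")                      # ":OTL" alone on a line
EMBEDDED_HEADER_RE = re.compile(r":(?:%s)" % "|".join(ALLOWED_SECTIONS), re.I)
COMMAND_RE = re.compile(r"\[[A-Za-z]+\]")                      # "[emptytemp]"

# Script from the reply above (post #7), kept verbatim apart from indentation.
GOOD_SCRIPT = r"""
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

:files
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\windows\assembly\gac_32\desktop.ini
c:\windows\assembly\gac_64\desktop.ini
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]
"""

# Constructed sample: the same script with every line break lost, as in post #6.
COLLAPSED_SCRIPT = (
    r':OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = '
    r'http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF:filesC:\Windows\Installer'
    r'\{29d9bd97-a400-c327-ec45-0e2f68899581}c:\windows\assembly\gac_64\desktop.ini'
    r'ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]'
)


def normalise(script: str) -> list[str]:
    """Drop blank lines and the bullet-list indentation forum formatting adds
    (assumption: OTL wants every directive to start at column 0)."""
    return [ln.strip() for ln in script.splitlines() if ln.strip()]


def check_script(script: str) -> list[str]:
    """Return human-readable problems; an empty list means the script is well formed."""
    lines = normalise(script)
    if not lines:
        return ["script is empty"]
    problems: list[str] = []
    section = None
    for n, ln in enumerate(lines, 1):
        m = HEADER_RE.match(ln)
        if m:
            section = m.group(1).lower()
            if section not in ALLOWED_SECTIONS:
                problems.append(f"line {n}: section ':{m.group(1)}' is not in the allow-list")
            continue
        # A header glued to another directive means the paste lost its line breaks.
        if EMBEDDED_HEADER_RE.search(ln):
            problems.append(f"line {n}: section header fused into a directive "
                            f"(line breaks lost in paste?): {ln[:50]!r}")
            continue
        if section is None:
            problems.append(f"line {n}: directive before any section header: {ln[:50]!r}")
            continue
        if len(COMMAND_RE.findall(ln)) > 1:
            problems.append(f"line {n}: several [commands] on one line: {ln[:50]!r}")
            continue
        if section == "commands" and not COMMAND_RE.fullmatch(ln):
            problems.append(f"line {n}: :Commands entry must look like [name]: {ln[:50]!r}")
        elif section == "files" and "\\" not in ln and not ln.endswith(" /c"):
            problems.append(f"line {n}: :files entry is neither a path nor a '/c' command: {ln[:50]!r}")
    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_SCRIPT), ("collapsed", COLLAPSED_SCRIPT)):
        found = check_script(text)
        print(f"{label}: {'OK' if not found else 'PROBLEMS'}")
        for p in found:
            print("  -", p)
```

Run it on the text you intend to paste; if it reports a fused header, re-enter the script with one entry per line rather than pasting the collapsed version.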

#8 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 08 August 2012 - 09:06 PM

Ah, I see o:

Is this right?

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
:files
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\windows\assembly\gac_32\desktop.ini
c:\windows\assembly\gac_64\desktop.ini
ipconfig /flushdns /c
:Commands
[emptytemp]
[clearallrestorepoints]

#9 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 09 August 2012 - 07:29 AM

Yes, it is better. Please run it.

#10 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 14 August 2012 - 07:43 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support



I close my threads if there are 5 days without a response.

#11 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 August 2012 - 08:06 AM

Are you still with me?

#12 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 20 August 2012 - 04:20 PM

Are you still with me?

Yep, still with you.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581} not found.
File\Folder c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581} not found.
File\Folder c:\windows\assembly\gac_32\desktop.ini not found.
File\Folder c:\windows\assembly\gac_64\desktop.ini not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin123\Desktop\cmd.bat deleted successfully.
C:\Users\Admin123\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin123
->Temp folder emptied: 4386767 bytes
->Temporary Internet Files folder emptied: 266307360 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 11648 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1010469 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 902 bytes

Total Files Cleaned = 259.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08182012_021558
Files\Folders moved on Reboot...
C:\Users\Admin123\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1ZQJF6A\fastbutton[1].htm moved successfully.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGMZTMP7\index[2].htm moved successfully.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
File C:\Users\Admin123\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!
File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!
File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1ZQJF6A\fastbutton[1].htm not found!
File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGMZTMP7\index[2].htm not found!
File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
Registry entries deleted on Reboot...

#13 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 20 August 2012 - 04:57 PM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#14 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 21 August 2012 - 12:13 AM

Here's the ComboFix log:

ComboFix 12-08-20.02 - Admin123 08/21/2012 0:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2257 [GMT -4:00]
Running from: c:\users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7SCDUXP\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin123\AppData\Local\Temp\{4EB39058-0184-49B1-9E48-EF6E6914BD6D}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 04:38 . 2012-08-21 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 04:02 . 2012-08-21 04:02 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-18 07:16 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-18 07:15 . 2012-08-18 07:15 -------- d-----w- c:\windows\PCHEALTH
2012-08-18 07:11 . 2012-06-29 03:49 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-18 06:15 . 2012-08-18 06:15 -------- d-----w- C:\_OTL
2012-08-17 16:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-17 16:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-17 16:37 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-17 16:37 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-17 16:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-17 16:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-17 16:37 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-17 16:37 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-17 16:37 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-17 16:37 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-17 16:36 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-17 16:36 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-09 04:50 . 2012-08-09 04:50 -------- d-----w- c:\users\Admin123\AppData\Local\PackageAware
2012-08-08 02:11 . 2012-08-08 02:11 -------- d-----w- c:\users\Admin123\AppData\Roaming\Roxio Log Files
2012-08-08 00:27 . 2012-08-09 05:05 -------- d-----w- c:\users\Admin123\AppData\Roaming\DVDVideoSoft
2012-08-07 23:38 . 2012-08-07 23:38 -------- d-----w- c:\users\Admin123\AppData\Local\Programs
2012-08-07 23:37 . 2012-08-08 01:03 -------- d-----w- c:\users\Admin123\AppData\Roaming\Apple Computer
2012-08-07 23:37 . 2012-08-07 23:37 -------- d-----w- c:\users\Admin123\AppData\Local\Apple Computer
2012-08-07 23:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-07 23:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-07 23:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files\iPod
2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files\iTunes
2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files (x86)\iTunes
2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\programdata\Apple Computer
2012-08-07 23:35 . 2012-08-07 23:35 -------- d-----w- c:\users\Admin123\AppData\Local\Apple
2012-08-07 23:35 . 2012-08-07 23:35 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files\Common Files\Apple
2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files\Bonjour
2012-08-07 23:34 . 2012-08-07 23:36 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-07 23:34 . 2012-08-07 23:35 -------- d-----w- c:\programdata\Apple
2012-08-07 20:17 . 2012-08-07 20:17 -------- d-----w- c:\program files\Google
2012-08-06 01:43 . 2012-08-06 01:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-06 01:26 . 2012-08-06 01:26 -------- d-----w- c:\program files (x86)\TeamViewer
2012-08-06 01:20 . 2012-08-06 01:20 -------- d-----w- c:\users\Admin123\temp
2012-08-06 01:20 . 2012-08-06 01:20 -------- d-----w- c:\users\Admin123\AppData\Roaming\TeamViewer
2012-08-05 23:03 . 2012-08-05 23:05 -------- d-----w- c:\users\Admin123\AppData\Roaming\AVG
2012-08-05 21:47 . 2012-08-05 21:47 -------- d-----w- c:\users\Admin123\AppData\Local\AVG Secure Search
2012-08-05 21:47 . 2012-08-21 04:02 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-05 21:47 . 2012-08-21 04:02 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-05 21:47 . 2012-08-05 21:47 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-05 21:46 . 2012-08-21 04:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-05 21:44 . 2012-08-05 21:44 -------- d-----w- C:\$AVG
2012-08-05 21:44 . 2012-08-05 22:26 -------- d-----w- c:\programdata\AVG2012
2012-08-05 21:43 . 2012-08-21 03:59 -------- d-----w- c:\program files (x86)\AVG
2012-08-05 21:24 . 2012-08-21 04:03 -------- d-----w- c:\programdata\MFAData
2012-08-05 21:24 . 2012-08-05 21:24 -------- d--h--w- c:\programdata\Common Files
2012-08-05 19:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F37733ED-2048-4C0A-BF88-BEA4CE3E8EB1}\mpengine.dll
2012-08-04 21:38 . 2012-08-05 04:19 -------- d-----w- c:\program files\GIMP 2
2012-08-04 21:24 . 2012-08-04 21:24 -------- d-----w- c:\users\Admin123\AppData\Roaming\OpenOffice.org
2012-08-04 18:43 . 2012-08-05 04:19 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-08-04 18:42 . 2012-08-04 21:17 -------- d-----w- c:\programdata\Tarma Installer
2012-08-04 18:40 . 2012-08-04 21:16 -------- d-----w- c:\programdata\WeCareReminder
2012-07-30 06:09 . 2012-07-30 06:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-30 03:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-30 03:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-30 02:24 . 2012-08-21 04:03 -------- d-----w- c:\users\Admin123\AppData\Local\Google
2012-07-30 02:23 . 2012-08-08 02:11 -------- d-----w- c:\program files (x86)\Google
2012-07-29 19:05 . 2012-07-29 19:05 -------- d-----w- c:\program files (x86)\McAfee
2012-07-24 14:56 . 2012-07-24 14:56 -------- d-----w- c:\windows\Sun
2012-07-24 06:58 . 2012-07-29 19:05 -------- d-----w- c:\programdata\McAfee
2012-07-24 06:58 . 2012-08-17 18:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 06:58 . 2012-08-17 18:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 22:06 . 2012-07-23 22:06 -------- d-----w- c:\users\Admin123\AppData\Local\Diagnostics
2012-07-23 17:42 . 2012-07-23 17:42 -------- d-----w- c:\programdata\Blio
2012-07-23 17:42 . 2012-07-23 17:44 -------- d-----w- c:\users\Admin123\AppData\Roaming\Blio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 07:02 . 2012-05-12 02:04 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 19:05 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 19:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 20:33 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:05 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 01:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 01:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:39 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 01:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 01:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 01:39 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 01:39 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 19:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 19:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 19:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 20:33 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-21 04:02 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-21 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\ooVoo.exe" [2012-05-29 25249400]
"FreeScreenSharing"="c:\users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-21 1162848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-21 1020512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-12 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-21 927840]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 18:00]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 20:16]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 20:16]
.
2012-08-18 c:\windows\Tasks\HPCeeScheduleForADMIN123-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-08-18 c:\windows\Tasks\HPCeeScheduleForAdmin123.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-21 01:11:42
ComboFix-quarantined-files.txt 2012-08-21 05:11
.
Pre-Run: 236,934,184,960 bytes free
Post-Run: 236,690,210,816 bytes free
.
- - End Of File - - F2B2C39CAAB18893209A4CF50A700D3D

#15 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 21 August 2012 - 05:46 AM

Good! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#16 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 22 August 2012 - 11:16 PM

I'm having trouble scanning... it'll scan until 100%, but it'll only be in Step 3...? And I've let the laptop scan since about 5 PM; it's 12 AM now and it's only at 28%?

#17 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 August 2012 - 07:47 AM

Stop the scan and try again in Safe mode with Networking:
http://windows.micro...er-in-safe-mode

#18 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 25 August 2012 - 10:12 PM

It says that it doesn't find anything in the scan??

#19 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 26 August 2012 - 03:47 PM

Good! :)

How are things now?

#20 WizCalifa

WizCalifa

    New Member

  • Members
  • 15 posts
  • Gender:Female

Posted 27 August 2012 - 05:06 AM

Things are going smoothly, I suppose, but I'm confused as to why it found nothing this time... LOL, when the first time I scanned to 100% (though it was only at Step 3 of 4) it found 9 things.
