WizCalifa

Trojan Backdoor and Rootkit Infection?

I think I've been hit by both a Trojan backdoor virus and rootkits(?). I have Malwarebytes Anti-Malware try to get rid of them, and each time I do another scan, they appear again. I've done almost everything that the other threads involving these two problems suggest.

Here, I have included the DDS.txt, the Attach.txt, the RogueKiller log, and the Malwarebytes Anti-Malware scan results.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Admin123 at 23:04:28 on 2012-08-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1424 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\Dwm.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIFRA.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.deviantart.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized

uRun: [FreeScreenSharing] "C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B} : DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\9556C6C6F677D4F6F63756D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1

TCP: Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}\C696E6B6379737F5750535F586167656 : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Admin123\AppData\Roaming\Mozilla\Firefox\Profiles\pbt687ag.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-17 2424424]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-19 5790064]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-19 487280]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]

R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-24 250056]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-05 04:49:34 -------- d-----w- C:\FRST

2012-08-05 02:36:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-05 02:28:35 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-05 01:21:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DF4DAD6-3021-4968-9462-8648F25D1B23}\offreg.dll

2012-08-05 01:16:11 98816 ----a-w- C:\Windows\sed.exe

2012-08-05 01:16:11 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-05 01:16:11 256000 ----a-w- C:\Windows\PEV.exe

2012-08-05 01:16:11 208896 ----a-w- C:\Windows\MBR.exe

2012-08-05 00:32:06 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DF4DAD6-3021-4968-9462-8648F25D1B23}\mpengine.dll

2012-08-05 00:29:02 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2}

2012-08-05 00:28:49 -------- d-----w- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97}

2012-08-04 21:38:49 -------- d-----w- C:\Program Files\GIMP 2

2012-08-04 21:24:31 -------- d-----w- C:\Users\Admin123\AppData\Roaming\OpenOffice.org

2012-08-04 18:43:13 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com

2012-08-04 18:42:32 -------- d-----w- C:\ProgramData\Tarma Installer

2012-08-04 18:40:19 -------- d-----w- C:\ProgramData\WeCareReminder

2012-08-04 17:36:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868}

2012-08-04 17:36:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E}

2012-08-04 00:31:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F}

2012-08-04 00:31:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE}

2012-08-01 01:48:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586}

2012-08-01 01:48:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F}

2012-08-01 01:46:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E}

2012-08-01 01:45:57 -------- d-----w- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4}

2012-07-30 21:45:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE}

2012-07-30 21:45:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E}

2012-07-30 06:09:15 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-30 03:54:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-30 03:54:27 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-30 02:24:13 -------- d-----w- C:\Users\Admin123\AppData\Local\Google

2012-07-30 02:05:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417}

2012-07-30 02:05:31 -------- d-----w- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846}

2012-07-30 02:00:27 -------- d-----w- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78}

2012-07-30 02:00:10 -------- d-----w- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83}

2012-07-29 19:05:13 -------- d-----w- C:\Program Files (x86)\McAfee

2012-07-29 18:59:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42}

2012-07-29 18:59:29 -------- d-----w- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA}

2012-07-26 02:57:01 -------- d-----w- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67}

2012-07-26 02:56:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044}

2012-07-25 14:51:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3}

2012-07-25 14:51:43 -------- d-----w- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A}

2012-07-24 17:40:09 -------- d-----w- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5}

2012-07-24 17:39:59 -------- d-----w- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D}

2012-07-24 06:58:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-24 06:58:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-24 05:39:32 -------- d-----w- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0}

2012-07-24 05:39:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23}

2012-07-23 22:06:44 -------- d-----w- C:\Users\Admin123\AppData\Local\Diagnostics

2012-07-23 17:42:31 -------- d-----w- C:\ProgramData\Blio

2012-07-23 17:42:28 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Blio

2012-07-23 17:38:50 -------- d-----w- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77}

2012-07-23 17:38:38 -------- d-----w- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920}

2012-07-23 02:15:26 -------- d-----w- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2}

2012-07-23 02:15:13 -------- d-----w- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25}

2012-07-21 22:54:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C}

2012-07-21 22:54:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2}

2012-07-20 02:13:33 -------- d-----w- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91}

2012-07-20 02:13:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F}

2012-07-18 20:38:16 -------- d-----w- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59}

2012-07-18 20:38:04 -------- d-----w- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B}

2012-07-18 03:00:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C}

2012-07-18 03:00:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834}

2012-07-16 23:26:37 -------- d-----w- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF}

2012-07-16 23:26:24 -------- d-----w- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0}

2012-07-16 05:40:19 -------- d-----w- C:\Users\Admin123\AppData\Local\CrashRpt

2012-07-16 05:40:13 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Windows Live Writer

2012-07-16 04:50:56 -------- d-----w- C:\Users\Admin123\AppData\Local\Windows Live Writer

2012-07-16 04:45:30 -------- d-----w- C:\Users\Admin123\.freescreensharing

2012-07-16 04:45:15 -------- d-----w- C:\Users\Admin123\AppData\Local\FreeScreenSharing

2012-07-15 23:26:00 -------- d-----w- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149}

2012-07-15 23:25:48 -------- d-----w- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF}

2012-07-14 21:29:20 -------- d-----w- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA}

2012-07-14 21:29:08 -------- d-----w- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF}

2012-07-14 01:03:36 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D}

2012-07-14 01:03:22 -------- d-----w- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398}

2012-07-12 15:52:56 -------- d-----w- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320}

2012-07-12 15:52:42 -------- d-----w- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641}

2012-07-12 15:47:20 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-12 02:09:25 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-11 19:04:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 19:04:54 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 19:04:54 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 19:04:54 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 19:04:54 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 19:04:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 18:46:47 -------- d-----w- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD}

2012-07-11 18:46:30 -------- d-----w- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B}

2012-07-11 05:10:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C}

2012-07-11 05:09:55 -------- d-----w- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9}

2012-07-11 02:31:24 -------- d-----w- C:\Users\Admin123\AppData\Roaming\Malwarebytes

2012-07-11 02:31:12 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-11 02:31:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-10 20:33:34 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-10 20:33:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-10 20:32:56 -------- d-----w- C:\Program Files (x86)\EpsonNet

2012-07-10 20:32:18 -------- d-----w- C:\Program Files\EpsonNet

2012-07-10 20:31:41 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON

2012-07-10 20:29:59 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll

2012-07-10 20:29:59 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll

2012-07-10 20:29:59 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll

2012-07-10 20:29:59 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll

2012-07-10 20:29:58 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll

2012-07-10 20:27:52 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

2012-07-10 20:25:18 -------- d-----w- C:\Program Files (x86)\Epson Software

2012-07-10 20:24:43 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL

2012-07-10 20:24:40 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL

2012-07-10 20:24:23 -------- d-----w- C:\ProgramData\EPSON

2012-07-10 20:24:06 459776 ----a-w- C:\Windows\System32\esxwiaud.dll

2012-07-10 20:24:06 17408 ----a-w- C:\Windows\System32\esxcdev.dll

2012-07-10 20:24:06 128392 ----a-w- C:\Windows\System32\esdevapp.exe

2012-07-10 20:24:04 -------- d-----w- C:\Program Files (x86)\epson

2012-07-10 17:09:18 -------- d-----w- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C}

2012-07-10 17:09:07 -------- d-----w- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0}

2012-07-09 18:53:19 -------- d-----w- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242}

2012-07-09 18:53:06 -------- d-----w- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38}

2012-07-08 07:26:44 -------- d-----w- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D}

2012-07-08 07:26:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B}

2012-07-08 01:04:23 -------- d-----w- C:\Users\Admin123\AppData\Local\{36A69F17-B550-4BE5-8B84-990B06DF9791}

2012-07-06 16:09:45 -------- d-----w- C:\Users\Admin123\AppData\Local\{6478E291-5D3A-4707-BDCC-D566669C85BC}

2012-07-06 16:09:34 -------- d-----w- C:\Users\Admin123\AppData\Local\{F1633444-E049-4A30-96CB-B53C1BB2C923}

.

==================== Find3M ====================

.

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-19 17:06:35 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-19 17:06:35 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 23:06:17.37 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/11/2012 8:29:36 PM

System Uptime: 8/4/2012 8:58:48 PM (3 hours ago)

.

Motherboard: Hewlett-Packard | | 169B

Processor: AMD A4-3320M APU with Radeon HD Graphics | Socket FS1 | 2000/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 273 GiB total, 222.304 GiB free.

D: is FIXED (NTFS) - 21 GiB total, 2.257 GiB free.

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP55: 7/29/2012 10:10:35 PM - Windows Update

RP57: 7/29/2012 11:55:47 PM - Windows Modules Installer

RP58: 7/29/2012 11:59:39 PM - Removed Livestream Procaster

RP59: 7/30/2012 12:01:15 AM - Removed EPSON Scan Assistant

RP60: 7/30/2012 12:01:35 AM - Removed Attach To Email

RP61: 7/30/2012 12:01:56 AM - Removed Epson Event Manager

RP62: 7/30/2012 12:23:01 AM - Removed Blio.

RP63: 7/30/2012 12:25:17 AM - Removed Adobe Photoshop.com Inspiration Browser

RP64: 8/3/2012 9:26:25 PM - Removed Java 6 Update 32

RP65: 8/4/2012 2:06:52 PM - Removed Adobe Photoshop Elements 8.0.

RP66: 8/4/2012 5:13:28 PM - Removed InstallIQ Updater

RP67: 8/4/2012 5:16:21 PM - Removed SavetheChildren Reminder by We-Care.com v4.1.17.4

RP68: 8/4/2012 8:31:30 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.3) MUI

Adobe Shockwave Player 11.6

AMD VISION Engine Control Center

Bamboo

Bejeweled 3

Blackhawk Striker 2

Blio

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cradle of Rome 2

CyberLink YouCam

D3DX10

Dora's World Adventure

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EpsonNet Setup

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.3

Farm Frenzy

Farmscapes

FATE

Final Drive Fury

FreeScreenSharing

Hewlett-Packard ACLM.NET v1.1.2.0

Hoyle Card Games

HP Customer Experience Enhancements

HP Documentation

HP Games

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Recovery Manager

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

Java Auto Updater

Java 6 Update 32

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

K-Lite Codec Pack 7.0.0 (Standard)

Letters from Nowhere 2

Luxor HD

Mah Jong Medley

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio Professional 2003

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 1.7.0105.14.0

ooVoo

OpenOffice.org 3.3

opensource

Penguins!

Picasa 3

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

RollerCoaster Tycoon 3: Platinum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

swMSM

The Treasures of Mystery Island: The Ghost Ship

Torchlight

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

WebTablet IE Plugin

WebTablet Netscape Plugin

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

8/4/2012 9:31:57 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/4/2012 9:25:19 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/4/2012 9:15:22 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

8/4/2012 9:00:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

8/4/2012 8:31:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

8/4/2012 8:27:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

8/4/2012 8:21:51 PM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x45B.

8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/4/2012 8:06:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/4/2012 8:06:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/4/2012 7:25:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/4/2012 7:25:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/4/2012 2:03:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808e539728, 0x0000000000000001, 0xfffffa8004b0e2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-43118-01.

7/30/2012 9:49:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

7/30/2012 3:00:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808c35f728, 0x0000000000000001, 0xfffffa80055472e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-37221-01.

7/30/2012 12:16:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808b354928, 0x0000000000000001, 0xfffffa80051f52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-57080-01.

7/30/2012 12:07:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808f8b7128, 0x0000000000000001, 0xfffffa80051d62e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-62369-01.

7/29/2012 9:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/29/2012 11:47:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808bcf9328, 0x0000000000000001, 0xfffffa80051c52e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-41059-01.

7/29/2012 11:45:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808ecda630, 0x0000000000000001, 0xfffffa80059132e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-36941-01.

7/29/2012 11:30:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8808ecbf328, 0x0000000000000001, 0xfffffa80052032e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-43867-01.

7/29/2012 10:03:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e617ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-80605-01.

.

==== End Of File ===========================

RogueKiller Log:

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Admin123 [Admin rights]

Mode: Scan -- Date: 08/04/2012 19:25:00

¤¤¤ Bad processes: 3 ¤¤¤

[sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

[sUSP PATH] FreeScreenSharing.exe -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : FreeScreenSharing ("C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> FOUND

[sUSP PATH] HKUS\S-1-5-21-1641636118-1598163892-1382682310-1001[...]\Run : FreeScreenSharing ("C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe") -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> CANNOT FIX

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232A7A384 SATA Disk Device +++++

--- User ---

[MBR] cd1e5e7483284daf76c96c769a479412

[bSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 279563 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 572954624 | Size: 21418 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 15253e84d3099f1e7c11d78750ef9d71

[bSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 25000 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Malwarebytes Anti-Malware Scan Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Admin123 :: ADMIN123-HP [administrator]

Protection: Enabled

8/4/2012 7:04:02 PM

mbam-log-2012-08-04 (19-04-02).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 329029

Time elapsed: 42 minute(s), 45 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4588 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\179KQB38\openfreely_1296.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

C:\Users\Admin123\Downloads\SoftonicDownloader_for_picasa.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Delete on reboot.

C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\000000cb.@ (Rootkit.0Access) -> Delete on reboot.

C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}\U\80000032.@ (Rootkit.0Access) -> Delete on reboot.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Hello WizCalifa! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Sorry! I didn't realize this got answered! Thank you so much for taking your time out to help me! :)

OTL logfile created on: 8/6/2012 11:16:20 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin123\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 62.54% Memory free

6.96 Gb Paging File | 5.20 Gb Available in Paging File | 74.77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 273.01 Gb Total Space | 223.92 Gb Free Space | 82.02% Space Free | Partition Type: NTFS

Drive D: | 20.92 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS

Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Drive G: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: ADMIN123-HP | User Name: Admin123 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 23:14:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin123\Downloads\OTL.exe

PRC - [2012/08/05 17:47:30 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

PRC - [2012/08/05 17:47:28 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/11/22 05:57:16 | 002,204,488 | ---- | M] () -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe

PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

PRC - [2011/10/07 22:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

PRC - [2009/06/05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/05 17:47:31 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll

MOD - [2012/08/05 17:47:28 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

MOD - [2012/06/19 00:53:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/06/19 00:52:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/05/19 13:16:05 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

MOD - [2011/11/22 05:57:16 | 002,204,488 | ---- | M] () -- C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe

MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl

MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl

MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/20 15:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2011/09/16 06:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/09/15 18:15:44 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)

SRV:64bit: - [2010/10/26 17:42:16 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2010/10/26 17:42:16 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/05 17:47:30 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)

SRV - [2012/08/05 16:02:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/20 02:44:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/05/19 13:39:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/08/29 14:02:22 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/12/17 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)

SRV - [2007/01/11 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/05 17:47:32 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/02/17 14:02:12 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/10/25 23:53:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/10/25 23:53:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/09/20 21:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2011/09/20 21:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)

DRV:64bit: - [2011/09/20 21:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)

DRV:64bit: - [2011/09/20 21:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011/09/20 21:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011/09/20 21:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011/09/20 21:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011/09/16 06:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/09/16 05:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/08/29 14:02:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/08/18 08:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2011/06/17 07:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2011/06/17 07:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)

DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/11 15:19:36 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/10/11 15:19:28 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/10/11 15:19:26 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2012/07/01 12:04:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/05/31 21:00:58 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

IE - HKLM\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes,DefaultScope = {59CE12E8-1C40-40BC-805C-F4F21E604F78}

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{59CE12E8-1C40-40BC-805C-F4F21E604F78}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcrms}&l=dis&o=HPNTDF

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={F96DD5A7-070E-4C0E-8DDA-08BEB83597F9}&mid=2d57263ed15e47d08182359c7b1a361b-77582ebb37624dca34eebc43c116d9fe623beda2&lang=en&ds=AVG&pr=pr&d=2012-08-05 17:47:34&v=12.1.0.21&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120521,17118,0,18,0

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{F49D5C67-6B4F-48F6-AAB4-1BB9ED7371AC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://my.deviantart.com/messages/"

FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B0dd404fe-1f66-4a03-a407-58c6b3d8f6a5%7D&mid=2d57263ed15e47d08182359c7b1a361b-77582ebb37624dca34eebc43c116d9fe623beda2&ds=AVG&v=12.1.0.21&lang=en&pr=pr&d=2012-08-05%2017%3A47%3A34&sap=ku&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/05 17:45:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/05 17:47:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 20:22:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/05 20:22:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/26 08:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin123\AppData\Roaming\mozilla\Extensions

[2012/08/05 15:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin123\AppData\Roaming\mozilla\Firefox\Profiles\pbt687ag.default\extensions

[2012/08/05 00:18:53 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Admin123\AppData\Roaming\mozilla\Firefox\Profiles\pbt687ag.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2012/06/21 14:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/24 02:49:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/08/05 17:47:38 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.1.0.21

[2012/08/05 15:47:06 | 000,004,854 | ---- | M] () (No name found) -- C:\USERS\ADMIN123\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBT687AG.DEFAULT\EXTENSIONS\{F86E6264-E877-5FCE-C3E4-8668A7D99DA2}.XPI

[2012/07/20 02:44:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/05 17:47:28 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/06/29 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/29 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()

O3 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [EPSON011DA5] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S4A29.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [FreeScreenSharing] C:\Users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe ()

O4 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w

O7 - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B2E936E-E467-4AFD-9399-CEF592C23C0B}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{c75077ed-9c03-11e1-9498-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c75077ed-9c03-11e1-9498-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/06 21:12:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/06 21:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/05 21:43:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/08/05 21:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012/08/05 21:20:28 | 000,000,000 | ---D | C] -- C:\Users\Admin123\temp

[2012/08/05 21:20:27 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\TeamViewer

[2012/08/05 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\AVG

[2012/08/05 19:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011

[2012/08/05 17:48:11 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\AVG2012

[2012/08/05 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\AVG Secure Search

[2012/08/05 17:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/08/05 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search

[2012/08/05 17:47:32 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2012/08/05 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

[2012/08/05 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search

[2012/08/05 17:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG

[2012/08/05 17:44:43 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/08/05 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2012/08/05 17:44:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

[2012/08/05 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2012/08/05 17:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/08/05 17:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/08/05 15:40:34 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{BF53B6B7-32C5-4C80-8A46-119A00218050}

[2012/08/05 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A8F26326-87D4-482D-9A33-CF2973CB06FE}

[2012/08/05 11:10:15 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DA5E432D-9A7D-4E1F-917D-C759764C9213}

[2012/08/05 11:10:05 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{600970A0-5505-4D92-86EA-E67FFF715770}

[2012/08/05 00:49:34 | 000,000,000 | ---D | C] -- C:\FRST

[2012/08/04 21:31:18 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/04 21:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/04 21:15:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/04 20:29:02 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1D2659DA-06BB-4162-811C-3C721D09A7E2}

[2012/08/04 20:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7CE6F2C6-0AF9-49FE-B144-9A5DABF30C97}

[2012/08/04 17:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2

[2012/08/04 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\OpenOffice.org

[2012/08/04 14:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com

[2012/08/04 14:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/08/04 14:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder

[2012/08/04 13:36:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{564BCC32-878A-4F1B-86DA-29D6E802F868}

[2012/08/04 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{8BEAE5EB-338B-473D-8E73-4A42BC9E9E4E}

[2012/08/03 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E8E0C480-C253-4A0D-A655-0B50A5C1C89F}

[2012/08/03 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1F6C5F07-4D99-40A7-9758-BE1BCED84EBE}

[2012/07/31 21:48:36 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1D2B6A55-C7FA-49AF-9845-10A09CA2B586}

[2012/07/31 21:48:23 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{68979DA7-06C7-4A66-BDB9-1E2CD4B1CA9F}

[2012/07/31 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E9E967F1-A989-4B03-A3FC-EDD18054DD3E}

[2012/07/31 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DB01FF44-8DC5-4A5C-9AB5-E9554D46D6F4}

[2012/07/30 17:45:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{FD7BF79A-8AA6-4C17-AA3F-4F14BFD898CE}

[2012/07/30 17:45:42 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1663D21E-A6DB-478C-B2AA-8B5D917F3E4E}

[2012/07/30 02:09:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/29 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Google

[2012/07/29 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/07/29 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{79A904E6-2178-461C-800D-564CCF356417}

[2012/07/29 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E42C85C4-751D-48A1-AAD4-44720AAA4846}

[2012/07/29 22:00:27 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7348F264-86B1-466C-A33C-80D1AC1B6F78}

[2012/07/29 22:00:10 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E853D025-B9CB-4B2E-AE5D-F8D9559D4D83}

[2012/07/29 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee

[2012/07/29 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{67AD0CD9-9497-455D-8EFB-746C90CE2C42}

[2012/07/29 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A7A25F5E-E9A8-46BB-8D3E-AF50963EABEA}

[2012/07/25 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F04D1DFE-7D4A-4A55-9B96-6D762F7DBA67}

[2012/07/25 22:56:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E7C09A40-B4C3-44E5-BD3F-52BB26832044}

[2012/07/25 10:51:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F71BE9E3-4DA1-459F-BFC9-F92CF3FCD7F3}

[2012/07/25 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{8D4673F7-4933-4253-8FE1-BFFBF189775A}

[2012/07/24 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7027C784-72DC-4ADD-9696-47B40C5864D5}

[2012/07/24 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{E588D9EB-D304-46D5-A301-26964DEBCD8D}

[2012/07/24 10:56:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/07/24 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/07/24 01:39:32 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B4018704-91A9-4731-9E03-8BCAA1585DC0}

[2012/07/24 01:39:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{5EFF4758-1DE3-4CF7-8BD7-B621CC953C23}

[2012/07/23 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Diagnostics

[2012/07/23 13:42:31 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\Blio

[2012/07/23 13:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio

[2012/07/23 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Blio

[2012/07/23 13:38:50 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{0ABA0609-C426-40E8-B62E-69DDA8776D77}

[2012/07/23 13:38:38 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{CD06E514-7D92-4857-92C3-AF3F25BBA920}

[2012/07/22 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{DED9A98B-3174-4391-9985-37BF85E928A2}

[2012/07/22 22:15:13 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{3E2A64ED-BB8A-4623-8510-ECE79BD5DE25}

[2012/07/21 18:54:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A8DBCF88-C524-4CE4-B2D7-C1401609C11C}

[2012/07/21 18:54:20 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{176E9C0C-F11E-42CF-AC10-5B662A5C5CE2}

[2012/07/19 22:13:33 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4206FAD9-DB21-4F3F-9752-E9BD11BCAB91}

[2012/07/19 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B77458AD-6BD2-49B3-A6A5-89B26908282F}

[2012/07/18 16:38:16 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C6D9A22D-7ED6-48FB-BE40-353BC11C0B59}

[2012/07/18 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{3D1F3DA9-9EC0-4E2F-974E-6B78E43B449B}

[2012/07/17 23:00:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4D6A7D49-DF48-4592-A9AD-DB48C8E5513C}

[2012/07/17 23:00:45 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{1B6C1D19-81BE-4F1B-BC31-AEC793580834}

[2012/07/16 19:26:37 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{EC6DDCB3-15AB-4C31-BB59-1A6A067813EF}

[2012/07/16 19:26:24 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{5AD8E849-D42B-4602-A380-C11DB750D3A0}

[2012/07/16 01:40:19 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\CrashRpt

[2012/07/16 01:40:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin

[2012/07/16 00:59:02 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\Mikogo4

[2012/07/16 00:50:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Windows Live Writer

[2012/07/16 00:50:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\Windows Live Writer

[2012/07/16 00:45:30 | 000,000,000 | ---D | C] -- C:\Users\Admin123\.freescreensharing

[2012/07/16 00:45:29 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeScreenSharing

[2012/07/16 00:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\FreeScreenSharing

[2012/07/15 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C63E9491-3FBF-4355-B3FF-FAE3FE0F9149}

[2012/07/15 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{998CF935-08A1-4350-9681-356ED3F15DAF}

[2012/07/14 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{A5594CFC-EDC9-462D-BEEF-B0059C2951FA}

[2012/07/14 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{015A645A-B376-4A2D-8F69-37C144AFE9BF}

[2012/07/13 21:03:36 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4B7A5B88-224B-403F-A97D-5E3B4543666D}

[2012/07/13 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{CA439C39-1245-4452-9B55-1ECA4180F398}

[2012/07/12 11:52:56 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{D0A319A9-0A87-4F4F-902C-77DDFBBB9320}

[2012/07/12 11:52:42 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{91DD9EC0-84F6-4457-8025-40A464C08641}

[2012/07/11 14:46:47 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{C9F8894D-E03D-457A-BD56-4296F473EFCD}

[2012/07/11 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{64873836-03AC-45F6-AB70-6B76DF7E913B}

[2012/07/11 01:10:07 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{2395C7D7-6EE0-47A6-85C1-2D1B9E2C019C}

[2012/07/11 01:09:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{B3BFDB53-607C-4666-8A3D-32D2D4B8ACD9}

[2012/07/10 23:48:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/07/10 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Malwarebytes

[2012/07/10 22:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/10 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Admin123\Documents\OC Profiles

[2012/07/10 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Leadertech

[2012/07/10 16:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet

[2012/07/10 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet

[2012/07/10 16:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON

[2012/07/10 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\Epson

[2012/07/10 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Roaming\InstallShield

[2012/07/10 16:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software

[2012/07/10 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software

[2012/07/10 16:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/07/10 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2012/07/10 16:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

[2012/07/10 16:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson

[2012/07/10 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{F451B05C-6220-401B-BDF7-F8999437E72C}

[2012/07/10 13:09:07 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{82648B08-0B39-4693-9111-924C42C10EB0}

[2012/07/09 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{4B48AE7B-7BE6-422D-90B2-3AB304474242}

[2012/07/09 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{84DECF6A-76E5-40C1-A8C5-D63C248E0F38}

[2012/07/08 03:26:44 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{806A7D75-82FA-4D5A-9CB7-888A3A99EC6D}

[2012/07/08 03:26:34 | 000,000,000 | ---D | C] -- C:\Users\Admin123\AppData\Local\{7439D1A7-A7B9-48D4-8B0D-6B7DE77E399B}

========== Files - Modified Within 30 Days ==========

[2012/08/06 23:01:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 23:01:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 22:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/06 22:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/06 22:53:57 | 2801,983,488 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/06 22:39:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/06 22:39:56 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/06 22:39:56 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/06 21:12:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/06 21:00:25 | 103,125,647 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/08/05 22:35:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForADMIN123-HP$.job

[2012/08/05 19:02:50 | 000,001,170 | ---- | M] () -- C:\Users\Admin123\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk

[2012/08/05 19:02:50 | 000,001,146 | ---- | M] () -- C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk

[2012/08/05 17:47:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/08/05 17:47:32 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm

[2012/08/05 17:46:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/08/05 16:54:22 | 000,000,033 | ---- | M] () -- C:\Users\Admin123\AppData\Roaming\mbam.context.scan

[2012/08/05 16:24:25 | 000,000,020 | ---- | M] () -- C:\Windows\ÈóF

[2012/07/29 23:55:25 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/07/22 22:14:19 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdmin123.job

[2012/07/12 11:51:33 | 000,441,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/10 16:31:33 | 000,000,060 | ---- | M] () -- C:\Windows\EPART810.ini

[2012/07/10 13:07:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/08/06 21:12:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/06 21:00:25 | 103,125,647 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/08/05 19:02:50 | 000,001,170 | ---- | C] () -- C:\Users\Admin123\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk

[2012/08/05 19:02:50 | 000,001,146 | ---- | C] () -- C:\Users\Admin123\Desktop\AVG PC Tuneup 2011.lnk

[2012/08/05 17:47:40 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm

[2012/08/05 17:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/08/05 16:54:22 | 000,000,033 | ---- | C] () -- C:\Users\Admin123\AppData\Roaming\mbam.context.scan

[2012/08/05 16:24:22 | 000,000,020 | ---- | C] () -- C:\Windows\ÈóF

[2012/07/29 23:55:23 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/07/24 02:58:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/10 16:29:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012/07/10 16:29:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012/07/10 16:29:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012/07/10 16:29:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012/07/10 16:29:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012/07/10 16:29:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012/07/10 16:29:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012/07/10 16:29:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012/07/10 16:29:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012/07/10 16:29:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012/07/10 16:29:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012/07/10 16:29:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012/07/10 16:29:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012/07/10 16:29:58 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012/07/10 16:29:58 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012/07/10 16:29:58 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012/07/10 16:29:58 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg

[2012/07/10 16:29:58 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg

[2012/07/10 16:29:58 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg

[2012/07/10 16:29:58 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg

[2012/07/10 16:29:58 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg

[2012/07/10 16:29:58 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg

[2012/07/10 16:22:46 | 000,000,060 | ---- | C] () -- C:\Windows\EPART810.ini

[2012/07/10 13:07:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012/05/22 20:23:34 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/05/11 21:20:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/05/11 21:12:27 | 000,323,072 | R--- | C] () -- C:\Windows\SysWow64\WgaTray.exe

[2012/05/11 21:12:27 | 000,190,976 | R--- | C] () -- C:\Windows\SysWow64\Wgalogon.dll

[2012/02/17 14:09:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/09/15 18:24:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/09/06 16:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

[2011/03/18 05:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/08/05 19:05:03 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\AVG

[2012/08/05 17:48:11 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\AVG2012

[2012/07/23 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Blio

[2012/07/30 00:02:27 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Epson

[2012/07/10 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Leadertech

[2012/07/04 01:32:32 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\ooVoo Details

[2012/08/04 17:24:31 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\OpenOffice.org

[2012/05/11 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Synaptics

[2012/05/22 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\SYSTEMAX Software Development

[2012/08/05 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\TeamViewer

[2012/07/16 00:50:56 | 000,000,000 | ---D | M] -- C:\Users\Admin123\AppData\Roaming\Windows Live Writer

[2009/07/14 01:08:49 | 000,027,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


OTL Extras logfile created on: 8/6/2012 11:16:20 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin123\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 62.54% Memory free

6.96 Gb Paging File | 5.20 Gb Available in Paging File | 74.77% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 273.01 Gb Total Space | 223.92 Gb Free Space | 82.02% Space Free | Partition Type: NTFS

Drive D: | 20.92 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS

Drive E: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Drive G: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32

Computer Name: ADMIN123-HP | User Name: Admin123 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E0CE1BA-BEB3-4E85-85ED-6D4F9BF32B2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0EB07E7D-60CB-446E-8AB7-899A637CC2B5}" = lport=445 | protocol=6 | dir=in | app=system |

"{198D9BC0-A3F0-4692-A621-C14847A16573}" = rport=10243 | protocol=6 | dir=out | app=system |

"{1C78BEC7-9368-4022-B27A-30938A771B14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{22E1DF5E-CA63-4F8B-BDBE-D2782C857243}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{26FA7734-5686-47E6-91F0-F2DC92682DA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3675E7A7-7F52-4EAE-B5A5-924658936BF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{45F058EA-6162-40B5-9F2F-124FD7B304A6}" = lport=139 | protocol=6 | dir=in | app=system |

"{5A1D94BE-3BE1-4D77-95CC-9DDEC26432B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6B87D70A-8871-4F39-A2C8-BB72DB7CE27C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6CF6F1A2-F345-4B49-A8A8-B76254005F94}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7E79B05F-E929-4170-B718-F3EFE1C85063}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{81E52199-7D8D-4E96-AC29-644D664933DC}" = lport=10243 | protocol=6 | dir=in | app=system |

"{84E6E768-B193-4217-B169-C17E07503583}" = rport=445 | protocol=6 | dir=out | app=system |

"{8FDD0241-963C-4D0D-AE8F-10A2664ADF5A}" = lport=138 | protocol=17 | dir=in | app=system |

"{A5B90602-153A-41A8-AA3F-363925F9BCF9}" = rport=137 | protocol=17 | dir=out | app=system |

"{A97DE926-824E-4D56-83C5-13EBFD9C7019}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B8B9BB92-B3E5-4150-991F-D5AC89A6B88F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C0832662-82FB-4AA0-A13A-DD2509D16D95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{C2428932-7AB9-4557-8179-A087EF7ECDC9}" = rport=139 | protocol=6 | dir=out | app=system |

"{DF83751D-AE45-426E-8396-97DC3CF49E8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E3893CCF-9D00-451E-B2A5-B0964A7D5870}" = rport=138 | protocol=17 | dir=out | app=system |

"{F0382F01-6C6C-4FD5-BE68-A3DB56C164D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F9D777D4-2E96-417C-BC04-2A9A0F7F5850}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05FA3F96-530B-40D2-8C32-9D4A40966473}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{11A97F36-3D22-409D-A7D4-2A9E7F054C8C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1254CEA3-EABE-459C-88ED-089B05D815CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{13EF10E2-A4C1-4B7B-B948-27A2169C8CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |

"{186B8448-07D7-4D3B-A616-6370D1224983}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{23E093F0-A714-460A-95F8-1DB07B0B559C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{27B3DA0D-82B4-45B3-A163-2E03BF88D811}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2B5655B3-3B00-4447-84A1-FC7CD9E4C3F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2D866127-887F-4F42-AB34-A85CD8C18C67}" = protocol=6 | dir=out | app=system |

"{337803FC-897B-4AB8-B984-94C053EBB3ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4060DBCB-E6CC-4634-AEF6-F81815C363E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{46D3F34C-F03C-4A61-9BC0-3BD3C880CD12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{49D8C27E-847E-438A-9DDE-75FF871DBF2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{4A3FC3BF-C746-42AF-9AB9-F03988505FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{51DF0774-7139-4282-80F2-0C3D2C10D6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

"{55C195A6-3F30-4F48-808D-FEF25FCDDA84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{6E84CD72-9814-4CDD-B584-B510B84B5729}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{6EA9894E-659B-46E5-B157-0C42057BDB17}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{810E3C31-6A2C-4873-B93F-54152FD8DEEE}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{82AC7309-652D-4953-9358-4264BEF5CC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A31E0BDC-8B62-4FEA-998A-99E325EEACE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A799F3CB-A53F-4795-BDAD-8C2ED65CD14D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B1813968-63F4-4718-B64E-CA4F123DE895}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |

"{B37525C4-774F-4EB0-B9F0-8C1EBA12076F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{B89DB853-F5D6-412F-8803-57DB9651206E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{BAF6764A-FCE5-4400-9419-6AD6B9E2728B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BD4391DB-714A-4033-B45A-50CC168B4F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{C4363880-BBE2-4CA0-9B30-726A201EE93F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CFAB7987-2722-4EAA-BA1B-369D63C8E71C}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

"{D23D9760-3853-4552-A6F5-DF58C321B259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E265F2F4-5AF8-4DB6-BF37-BB9BC742B284}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{E2C0CC1E-D28C-4B53-8F3C-1A068BEB12D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{EA71F19F-67A5-44A8-B776-5CBEB40B8A0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F6D9038E-2EDC-450E-83F8-95A2F733BC72}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"TCP Query User{6A5CD1FA-385F-4C6F-9776-451683C5F3F5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"TCP Query User{9F0D4767-DCD2-4F0B-AF2B-FBB492F311DC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{95446DD7-2428-4F0E-8E7E-463E3F520E07}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{E8EC780B-5EE3-4D59-962A-56D07669B397}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{006716FE-DAB7-8EA8-99B6-04EB354AC3A8}" = AMD Media Foundation Decoders

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{288591DE-4151-4E8E-A698-C6EFF5DF00F9}" = HP Security Assistant

"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro

"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant

"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software

"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9795DCDC-45CB-8A98-4F01-8C4B37361BF5}" = AMD Fuel

"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012

"{A21EA495-2B09-7E39-8C55-310D6DC7DB4C}" = ccc-utility64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{CF780466-D74B-C6E7-7E61-0C4DCA614455}" = AMD Catalyst Install Manager

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AVG" = AVG 2012

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Pen Tablet Driver" = Bamboo

"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06A62CCD-4953-88D6-104D-37C20CCA8140}" = CCC Help Greek

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0AD538F8-AE22-4448-71C5-2A321D3953A3}" = CCC Help Chinese Standard

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{169FDBFF-6FA1-2A14-F5F0-EEA7C27C4AFE}" = AMD VISION Engine Control Center

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1AD2BBC8-8233-F193-6915-AEB19299EF69}" = CCC Help Dutch

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{35E81526-8A3E-FF8C-6E43-EBA7D40904CA}" = CCC Help Finnish

"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource

"{3D5C7E0E-AEC0-40EB-99D3-C40469738040}" = HP Documentation

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup

"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch

"{579BD527-0EED-20A8-B9F4-0244FBABB085}" = CCC Help German

"{600DFD49-D7C2-9DE4-4EEA-337083E72B1F}" = CCC Help Russian

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6DE8EE45-09DE-3288-4635-DCFA87765D84}" = CCC Help Portuguese

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{6F89F8EB-16A2-E21F-A34C-CF6AB53EA7E1}" = CCC Help Hungarian

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio

"{79A21AE8-0BF2-955D-7AC3-2AFD9430C199}" = CCC Help Czech

"{7B67B74C-6942-9F20-C05A-2870D600A6EB}" = CCC Help Italian

"{8279D3BD-3A54-A6F6-E8BE-C12FADDC1064}" = CCC Help Polish

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8B4F2108-7395-4951-A7BE-86DA108A001C}" = OGA Notifier 1.7.0105.14.0

"{8D78F24E-3AA8-9D2A-3B28-CA240439B802}" = CCC Help Swedish

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F4532D6-62F3-4B5B-AA47-979CFC7510F5}" = CCC Help Chinese Traditional

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7A7B78C-3EEE-5783-E2FB-218E4B40198E}" = CCC Help Spanish

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{B0E3A46B-0629-BD31-EC2B-4C96DCF7F7BB}" = Catalyst Control Center Localization All

"{B41441A0-A65C-CABF-4D1B-B1588E316F7D}" = CCC Help Korean

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B894D068-A07A-96C8-A6CB-87C5EDB97C8E}" = Catalyst Control Center Graphics Previews Common

"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb

"{BDD74598-1133-68FA-CD69-6FD442759CD4}" = CCC Help Thai

"{BEA1CE9A-93E0-E131-13DF-76441B6783E6}" = Catalyst Control Center InstallProxy

"{C0E6C680-7B1D-0EE9-0D6C-AF28765FB885}" = CCC Help Turkish

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C7D23135-04B6-1A0C-E835-42AADD00EA1F}" = CCC Help Japanese

"{CA41C92C-BEA4-5C7B-6DDE-48C7E996FE72}" = CCC Help Norwegian

"{CB841B9A-4049-E21F-1E62-49AC742C1B81}" = CCC Help English

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser

"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager

"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager

"{E12C4983-DA0E-7AFD-04E5-592EC5DF1974}" = CCC Help French

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1

"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding

"{F500B5DC-CCCE-CC7F-B1D1-39139AE57676}" = CCC Help Danish

"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Pen Tablet Driver" = Bamboo

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Picasa 3" = Picasa 3

"PROPLUS" = Microsoft Office Professional Plus 2007

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"WildTangent hp Master Uninstall" = HP Games

"WTA-03eaf8a3-d4e4-4e74-81fa-9a750638440f" = Hoyle Card Games

"WTA-05baa083-98fc-4295-b0d6-ebbfde2cbaae" = Polar Bowler

"WTA-0e2af03a-115c-43b8-92cf-2e9894b75a09" = Final Drive Fury

"WTA-1013007a-e2ae-4478-a7ba-fcb5ef229d1d" = Blackhawk Striker 2

"WTA-21411c76-2cba-40b4-9f51-4d86a472e884" = Virtual Villagers 4 - The Tree of Life

"WTA-279cf681-1067-4bbb-94b5-f1157720c963" = FATE

"WTA-2f933c63-a5b8-4438-ba29-3b2167ffb329" = Letters from Nowhere 2

"WTA-38ca30e4-5ef4-48ec-b6c0-eac39d7622b2" = John Deere Drive Green

"WTA-4bd98dfa-b4b2-4568-b754-fd6fbebb6c77" = Plants vs. Zombies - Game of the Year

"WTA-596c1d88-c119-4aac-ac47-824dd7bd0092" = RollerCoaster Tycoon 3: Platinum

"WTA-7422e5c8-c1ba-4b5f-8d80-e66d5379244d" = Penguins!

"WTA-78d9a8fa-7918-4b63-b3df-c50fa13e91ad" = Luxor HD

"WTA-7be5810c-ea5e-4369-bb44-222ca40b37ca" = Bejeweled 3

"WTA-864f03ed-f2c1-4145-8110-d2725c4d5d3b" = Jewel Match 3

"WTA-89b4debd-166b-437d-bd18-2d6141046e35" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition

"WTA-93ff1273-e0b2-48f8-b5b5-5df7ee75ec68" = Cradle of Rome 2

"WTA-9493dec6-a9ec-4c16-82aa-6bc1cb0b678c" = Torchlight

"WTA-a440874a-34ea-40fe-9af4-c9cdd81dea06" = Farm Frenzy

"WTA-b1d68def-d5bd-4f0b-9690-ead73acb9a11" = Dora's World Adventure

"WTA-b24b387f-0989-4b82-99bc-c30584401ee7" = Zuma's Revenge

"WTA-c1968821-c8ac-4459-812b-75906d5c143e" = Polar Golfer

"WTA-c2714556-d482-4680-bd2b-d17b8abe75ce" = Chuzzle Deluxe

"WTA-cdcdfb51-ac34-4f64-9069-95c4d07b8738" = Farmscapes

"WTA-e2531fc0-9b5d-42e4-ad84-b227f6e379da" = Mah Jong Medley

"WTA-f6945d06-5c82-4266-8a9f-b1a296130bdd" = The Treasures of Mystery Island: The Ghost Ship

"WTA-ff3a66bc-e702-4df5-87d2-62dbd4791335" = Poker Superstars III

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FreeScreenSharing" = FreeScreenSharing

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/30/2012 12:23:07 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary Symantec Network Security WFP Driver. System Error: The system cannot find

the file specified. .

Error - 7/30/2012 12:25:18 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary Symantec Iron Driver. System Error: The system cannot find the file specified.

.

Error - 7/30/2012 12:25:18 AM | Computer Name = Admin123-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary Symantec Network Security WFP Driver. System Error: The system cannot find

the file specified. .

Error - 7/30/2012 1:45:28 AM | Computer Name = Admin123-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time

stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process

id: 0x126c Faulting application start time: 0x01cd6e0a30357c5d Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll

Report

Id: c3c6c7fe-da09-11e1-8e83-e4d53dfedfe8

Error - 7/30/2012 2:53:05 AM | Computer Name = Admin123-HP | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time

stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x0021d9dc Faulting process

id: 0xaa0 Faulting application start time: 0x01cd6e16d6fc5757 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll

Report

Id: 3659e46c-da13-11e1-8e83-e4d53dfedfe8

Error - 7/30/2012 3:00:13 AM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10

Description =

Error - 7/30/2012 5:44:45 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10

Description =

Error - 7/30/2012 6:10:36 PM | Computer Name = Admin123-HP | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 7/31/2012 9:43:41 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10

Description =

Error - 7/31/2012 9:47:14 PM | Computer Name = Admin123-HP | Source = WinMgmt | ID = 10

Description =

[ Hewlett-Packard Events ]

Error - 6/15/2012 1:30:53 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 6/15/2012 1:32:51 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 6/15/2012 1:33:04 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 6/15/2012 1:43:16 PM | Computer Name = Admin123-HP | Source = HPSF.exe | ID = 4000

Description =

[ HP Software Framework Events ]

Error - 10/26/2011 12:38:23 AM | Computer Name = 960EC8351I5AL | Source = CaslWmi | ID = 5

Description = 2011/10/25 21:38:23.032|00000BB0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception

occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 10/26/2011 12:38:25 AM | Computer Name = 960EC8351I5AL | Source = CaslWmi | ID = 5

Description = 2011/10/25 21:38:25.248|00000BB0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/11/2012 8:31:49 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/11 20:31:49.128|00000ECC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/11/2012 8:31:50 PM | Computer Name = Admin123-HP | Source = CaslSmBios | ID = 5

Description = 2012/05/11 20:31:50.174|00000ECC|Error |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error

attempting to parse year 2000, month 0, day 0: Year, Month, and Day parameters

describe an un-representable DateTime.

Error - 5/11/2012 8:31:56 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/11 20:31:56.324|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/11/2012 9:12:39 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/11 21:12:39.596|000003FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 1:14:23 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/19 13:14:23.232|000016E0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 1:17:17 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/19 13:17:17.072|00001A64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/19/2012 1:17:30 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/19 13:17:30.116|000014A0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/20/2012 2:22:07 PM | Computer Name = Admin123-HP | Source = CaslWmi | ID = 5

Description = 2012/05/20 14:22:07.827|00001AF0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]

Error - 8/4/2012 9:15:22 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7034

Description = The Skype C2C Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 8/4/2012 9:21:05 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/4/2012 9:25:19 PM | Computer Name = Admin123-HP | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 8/4/2012 9:31:57 PM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/4/2012 11:17:48 PM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016

Description =

Error - 8/5/2012 12:11:24 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016

Description =

Error - 8/5/2012 1:32:16 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016

Description =

Error - 8/5/2012 1:36:33 AM | Computer Name = Admin123-HP | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

Error - 8/5/2012 10:59:27 AM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016

Description =

Error - 8/5/2012 3:40:25 PM | Computer Name = Admin123-HP | Source = DCOM | ID = 10016

Description =

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

    :files
    C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
    c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}
    c:\windows\assembly\gac_32\desktop.ini
    c:\windows\assembly\gac_64\desktop.ini
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF:filesC:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}c:\windows\assembly\gac_32\desktop.inic:\windows\assembly\gac_64\desktop.iniipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_153332

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Your script was not activated, because every entry should be on a new line. Like this:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

:files
C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}
c:\windows\assembly\gac_32\desktop.ini
c:\windows\assembly\gac_64\desktop.ini
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]


Ah, I see o:

Is this right?

:OTL

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKU\S-1-5-21-1641636118-1598163892-1382682310-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

:files

C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581}

c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581}

c:\windows\assembly\gac_32\desktop.ini

c:\windows\assembly\gac_64\desktop.ini

ipconfig /flushdns /c

:Commands

[emptytemp]

[clearallrestorepoints]


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Are you still with me?

Yep, still with you.

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_USERS\S-1-5-21-1641636118-1598163892-1382682310-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

========== FILES ==========

File\Folder C:\Windows\Installer\{29d9bd97-a400-c327-ec45-0e2f68899581} not found.

File\Folder c:\users\admin123\appdata\local\{29d9bd97-a400-c327-ec45-0e2f68899581} not found.

File\Folder c:\windows\assembly\gac_32\desktop.ini not found.

File\Folder c:\windows\assembly\gac_64\desktop.ini not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Admin123\Desktop\cmd.bat deleted successfully.

C:\Users\Admin123\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Admin123

->Temp folder emptied: 4386767 bytes

->Temporary Internet Files folder emptied: 266307360 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 11648 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1010469 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 902 bytes

Total Files Cleaned = 259.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08182012_021558

Files\Folders moved on Reboot...

C:\Users\Admin123\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1ZQJF6A\fastbutton[1].htm moved successfully.

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGMZTMP7\index[2].htm moved successfully.

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

File C:\Users\Admin123\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!

File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WWWIKUEC\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1ZQJF6A\fastbutton[1].htm not found!

File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PGMZTMP7\index[2].htm not found!

File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here's the ComboFix log:

ComboFix 12-08-20.02 - Admin123 08/21/2012 0:25.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2257 [GMT -4:00]

Running from: c:\users\Admin123\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7SCDUXP\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Admin123\AppData\Local\Temp\{4EB39058-0184-49B1-9E48-EF6E6914BD6D}\fpb.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

.

.

2012-08-21 04:38 . 2012-08-21 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-21 04:02 . 2012-08-21 04:02 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-08-18 07:16 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-18 07:15 . 2012-08-18 07:15 -------- d-----w- c:\windows\PCHEALTH

2012-08-18 07:11 . 2012-06-29 03:49 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-18 06:15 . 2012-08-18 06:15 -------- d-----w- C:\_OTL

2012-08-17 16:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-17 16:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-17 16:37 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-17 16:37 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-17 16:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-17 16:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-17 16:37 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-17 16:37 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-17 16:37 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-17 16:37 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-17 16:36 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-17 16:36 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-09 04:50 . 2012-08-09 04:50 -------- d-----w- c:\users\Admin123\AppData\Local\PackageAware

2012-08-08 02:11 . 2012-08-08 02:11 -------- d-----w- c:\users\Admin123\AppData\Roaming\Roxio Log Files

2012-08-08 00:27 . 2012-08-09 05:05 -------- d-----w- c:\users\Admin123\AppData\Roaming\DVDVideoSoft

2012-08-07 23:38 . 2012-08-07 23:38 -------- d-----w- c:\users\Admin123\AppData\Local\Programs

2012-08-07 23:37 . 2012-08-08 01:03 -------- d-----w- c:\users\Admin123\AppData\Roaming\Apple Computer

2012-08-07 23:37 . 2012-08-07 23:37 -------- d-----w- c:\users\Admin123\AppData\Local\Apple Computer

2012-08-07 23:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-07 23:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-07 23:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files\iPod

2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files\iTunes

2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\program files (x86)\iTunes

2012-08-07 23:36 . 2012-08-07 23:36 -------- d-----w- c:\programdata\Apple Computer

2012-08-07 23:35 . 2012-08-07 23:35 -------- d-----w- c:\users\Admin123\AppData\Local\Apple

2012-08-07 23:35 . 2012-08-07 23:35 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files\Common Files\Apple

2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-07 23:34 . 2012-08-07 23:34 -------- d-----w- c:\program files\Bonjour

2012-08-07 23:34 . 2012-08-07 23:36 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-07 23:34 . 2012-08-07 23:35 -------- d-----w- c:\programdata\Apple

2012-08-07 20:17 . 2012-08-07 20:17 -------- d-----w- c:\program files\Google

2012-08-06 01:43 . 2012-08-06 01:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-06 01:26 . 2012-08-06 01:26 -------- d-----w- c:\program files (x86)\TeamViewer

2012-08-06 01:20 . 2012-08-06 01:20 -------- d-----w- c:\users\Admin123\temp

2012-08-06 01:20 . 2012-08-06 01:20 -------- d-----w- c:\users\Admin123\AppData\Roaming\TeamViewer

2012-08-05 23:03 . 2012-08-05 23:05 -------- d-----w- c:\users\Admin123\AppData\Roaming\AVG

2012-08-05 21:47 . 2012-08-05 21:47 -------- d-----w- c:\users\Admin123\AppData\Local\AVG Secure Search

2012-08-05 21:47 . 2012-08-21 04:02 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-05 21:47 . 2012-08-21 04:02 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-08-05 21:47 . 2012-08-05 21:47 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-08-05 21:46 . 2012-08-21 04:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-08-05 21:44 . 2012-08-05 21:44 -------- d-----w- C:\$AVG

2012-08-05 21:44 . 2012-08-05 22:26 -------- d-----w- c:\programdata\AVG2012

2012-08-05 21:43 . 2012-08-21 03:59 -------- d-----w- c:\program files (x86)\AVG

2012-08-05 21:24 . 2012-08-21 04:03 -------- d-----w- c:\programdata\MFAData

2012-08-05 21:24 . 2012-08-05 21:24 -------- d--h--w- c:\programdata\Common Files

2012-08-05 19:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F37733ED-2048-4C0A-BF88-BEA4CE3E8EB1}\mpengine.dll

2012-08-04 21:38 . 2012-08-05 04:19 -------- d-----w- c:\program files\GIMP 2

2012-08-04 21:24 . 2012-08-04 21:24 -------- d-----w- c:\users\Admin123\AppData\Roaming\OpenOffice.org

2012-08-04 18:43 . 2012-08-05 04:19 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2012-08-04 18:42 . 2012-08-04 21:17 -------- d-----w- c:\programdata\Tarma Installer

2012-08-04 18:40 . 2012-08-04 21:16 -------- d-----w- c:\programdata\WeCareReminder

2012-07-30 06:09 . 2012-07-30 06:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-30 03:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-30 03:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-30 02:24 . 2012-08-21 04:03 -------- d-----w- c:\users\Admin123\AppData\Local\Google

2012-07-30 02:23 . 2012-08-08 02:11 -------- d-----w- c:\program files (x86)\Google

2012-07-29 19:05 . 2012-07-29 19:05 -------- d-----w- c:\program files (x86)\McAfee

2012-07-24 14:56 . 2012-07-24 14:56 -------- d-----w- c:\windows\Sun

2012-07-24 06:58 . 2012-07-29 19:05 -------- d-----w- c:\programdata\McAfee

2012-07-24 06:58 . 2012-08-17 18:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-24 06:58 . 2012-08-17 18:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-23 22:06 . 2012-07-23 22:06 -------- d-----w- c:\users\Admin123\AppData\Local\Diagnostics

2012-07-23 17:42 . 2012-07-23 17:42 -------- d-----w- c:\programdata\Blio

2012-07-23 17:42 . 2012-07-23 17:44 -------- d-----w- c:\users\Admin123\AppData\Roaming\Blio

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-18 07:02 . 2012-05-12 02:04 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-06-09 05:43 . 2012-07-11 19:05 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 19:04 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 19:04 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 20:33 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 19:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 19:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 19:05 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-19 01:39 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 01:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 01:39 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 01:39 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 01:39 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 01:39 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 01:39 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-19 01:39 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-19 01:39 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 19:05 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 19:05 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 19:05 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 19:05 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 19:05 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 19:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 19:05 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-10 20:33 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 19:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-21 04:02 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-21 2045024]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ooVoo.exe"="c:\program files (x86)\ooVoo\ooVoo.exe" [2012-05-29 25249400]

"FreeScreenSharing"="c:\users\Admin123\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-21 1162848]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-21 1020512]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-12 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]

S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-21 927840]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672]

S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584]

S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 18:00]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 20:16]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 20:16]

.

2012-08-18 c:\windows\Tasks\HPCeeScheduleForADMIN123-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

2012-08-18 c:\windows\Tasks\HPCeeScheduleForAdmin123.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.33.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-21 01:11:42

ComboFix-quarantined-files.txt 2012-08-21 05:11

.

Pre-Run: 236,934,184,960 bytes free

Post-Run: 236,690,210,816 bytes free

.

- - End Of File - - F2B2C39CAAB18893209A4CF50A700D3D


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm having trouble scanning...like it'll scan until 100%, but it'll only be in Step 3...? And I let the laptop scan since about 5 PM, and it's 12 AM now and it's only at 28%?


Things are going smoothly I suppose, but I'm confused as to why this time it found nothing... LOL When you know how the first time I scanned to 100% but it was only at Step 3 of 4 it found 9 things.


Okie dokies! Thank you so much, Maniac! You helped me so much and I'm so glad that you could help me so quickly and so patiently! :D <333 I will be sending you a donation very soon!


Edit: My mother won't let me send you a donation, but I promise that when I open my own bank account, I will definitely still remember to!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
