C:\Windows\svchost.exe

Solved
By brandetwine
Nov 18, 2012
  1. PC was operating fine and then, without warning, it just showed a blue screen with white writing and shut down. After it booted back up, the same thing happened once again. Ultimately, once the computer stayed on long enough, I downloaded Malwarebytes Anti-Malware along with AVG 2013 and ran both of those while in safe mode. I kept the text log of the results saved to my desktop. After rebooting the PC normally, Malwarebytes Anti-Malware showed a message informing me that it had encountered a potential threat from C:\Windows\svchost.exe and gave me the option to quarantine it, which I did, and rebooted again. Same error. Please, can someone help me with this?
  2. Broni

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. brandetwine

    DDS.txt
    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by Carol at 13:48:12 on 2012-11-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6367 [GMT -5:00]
    .
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [Google Update] "C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge] <no file>
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Conime] C:\Windows\System32\conime.exe
    mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\Carol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: NameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    TCP: Interfaces\{B05EEB29-6F1C-476D-A84F-3F1591495A49} : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j64d1ggv.default\
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Carol\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-1 53488]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-2 1340976]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-2 2735528]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-22 46136]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-18 25928]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-1 1152000]
    R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-2 1255736]
    S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-7-1 226832]
    .
    =============== Created Last 30 ================
    .
    2012-11-18 18:38:58  20480  ----a-w-  C:\Windows\svchost.exe
    2012-11-18 15:16:47  --------  d-----w-  C:\Users\Carol\AppData\Roaming\AVG2013
    2012-11-18 15:13:21  --------  d-----w-  C:\Users\Carol\AppData\Roaming\TuneUp Software
    2012-11-18 15:11:51  --------  d--h--w-  C:\$AVG
    2012-11-18 15:11:51  --------  d-----w-  C:\ProgramData\AVG2013
    2012-11-18 15:10:42  --------  d-----w-  C:\Program Files (x86)\AVG
    2012-11-18 15:08:27  --------  d--h--w-  C:\ProgramData\Common Files
    2012-11-18 15:08:27  --------  d-----w-  C:\Users\Carol\AppData\Local\MFAData
    2012-11-18 15:08:27  --------  d-----w-  C:\Users\Carol\AppData\Local\Avg2013
    2012-11-18 15:08:27  --------  d-----w-  C:\ProgramData\MFAData
    2012-11-18 15:00:25  --------  d-----w-  C:\Users\Carol\AppData\Roaming\Malwarebytes
    2012-11-18 15:00:13  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-11-18 15:00:13  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-11-18 15:00:13  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 14:50:20  --------  d-----w-  C:\Program Files (x86)\Phoenix Viewer
    2012-11-17 08:09:09  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
    2012-11-17 08:09:09  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-17 08:09:09  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-17 08:09:09  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-17 08:00:53  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-17 08:00:53  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
    2012-11-17 08:00:53  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-17 08:00:53  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-17 08:00:53  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
    2012-11-17 08:00:51  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
    2012-11-17 08:00:51  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
    2012-11-16 17:55:28  9291768  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A0A6016-6DCD-4BCA-AE24-7C8E00D89510}\mpengine.dll
    2012-11-14 02:33:26  --------  d-----w-  C:\Users\Carol\AppData\Local\avinationviewer
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-11-10 19:38:25  --------  d-----w-  C:\Program Files (x86)\QAvimator
    2012-11-10 03:09:41  --------  d-----w-  C:\Program Files (x86)\Firestorm-Release
    2012-10-30 20:25:15  --------  d-----w-  C:\Users\Carol\AppData\Roaming\Blender Foundation
    2012-10-30 20:14:15  --------  d-----w-  C:\Program Files\Blender Foundation
    2012-10-29 01:23:21  --------  d-----w-  C:\ProgramData\Visan
    2012-10-29 01:23:21  --------  d-----w-  C:\ProgramData\PrintProjects
    2012-10-29 01:23:21  --------  d-----w-  C:\Program Files (x86)\PrintProjects
    2012-10-29 01:21:30  --------  d-----w-  C:\Windows\SysWow64\kodak
    2012-10-29 00:29:50  --------  d-----w-  C:\Users\Carol\AppData\Local\Mozilla
    2012-10-29 00:29:06  --------  d-----w-  C:\Program Files (x86)\Cisco Systems
    2012-10-29 00:27:14  --------  d-----w-  C:\ProgramData\Cisco Systems
    2012-10-25 08:12:26  94208  ----a-w-  C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26  69632  ----a-w-  C:\Windows\SysWow64\QuickTime.qts
    2012-10-22 18:02:44  154464  ----a-w-  C:\Windows\System32\drivers\avgidsdrivera.sys
    .
    ==================== Find3M ====================
    .
    2012-11-07 03:54:55  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-07 03:54:55  697272  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-18 18:25:58  3149824  ----a-w-  C:\Windows\System32\win32k.sys
    2012-10-15 13:50:12  122368  ----a-w-  C:\Windows\System32\EKaio2WiaCoInst.dll
    2012-10-15 13:50:10  10240  ----a-w-  C:\Windows\System32\EKaio2WiaCoInstRes.dll
    2012-10-15 08:48:50  63328  ----a-w-  C:\Windows\System32\drivers\avgidsha.sys
    2012-10-09 18:17:13  55296  ----a-w-  C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13  226816  ----a-w-  C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31  44032  ----a-w-  C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31  193536  ----a-w-  C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35  599040  ----a-w-  C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-10-05 08:32:50  111456  ----a-w-  C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-03 17:56:54  1914248  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21  70656  ----a-w-  C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21  303104  ----a-w-  C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17  246272  ----a-w-  C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17  18944  ----a-w-  C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16  216576  ----a-w-  C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16  569344  ----a-w-  C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24  18944  ----a-w-  C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24  175104  ----a-w-  C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23  156672  ----a-w-  C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26  45568  ----a-w-  C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 08:30:38  185696  ----a-w-  C:\Windows\System32\drivers\avgldx64.sys
    2012-09-29 18:48:36  1793536  ----a-w-  C:\Windows\System32\EKAiO2MON.dll
    2012-09-29 18:48:24  183808  ----a-w-  C:\Windows\System32\EKAiO2COI10.dll
    2012-09-25 22:47:43  78336  ----a-w-  C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17  95744  ----a-w-  C:\Windows\System32\synceng.dll
    2012-09-21 08:46:04  200032  ----a-w-  C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 08:46:00  225120  ----a-w-  C:\Windows\System32\drivers\avgloga.sys
    2012-09-14 19:19:29  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    2012-09-14 08:05:18  40800  ----a-w-  C:\Windows\System32\drivers\avgrkx64.sys
    2012-09-04 15:39:32  50296  ----a-w-  C:\Windows\System32\drivers\avgfwd6a.sys
    2012-08-31 18:19:35  1659760  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:45  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02  3968880  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02  3914096  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07  220160  ----a-w-  C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48  172544  ----a-w-  C:\Windows\SysWow64\wintrust.dll
    2012-08-22 18:12:40  950128  ----a-w-  C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40  376688  ----a-w-  C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33  288624  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00  245760  ----a-w-  C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44  362496  ----a-w-  C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44  243200  ----a-w-  C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44  13312  ----a-w-  C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43  215040  ----a-w-  C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37  16384  ----a-w-  C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35  424448  ----a-w-  C:\Windows\System32\KernelBase.dll
    .
    ============= FINISH: 13:48:43.24 ===============

    attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 9/22/2011 3:14:44 PM
    System Uptime: 11/18/2012 1:36:51 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0F896N
    Processor: AMD Phenom(tm) 8450e Triple-Core Processor | AM2 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 448.402 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.959 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02E21028&REV_02\4&9CB6A98&0&0038
    Manufacturer: Realtek
    Name: Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02E21028&REV_02\4&9CB6A98&0&0038
    Service: RTL8169
    .
    ==== System Restore Points ===================
    .
    RP71: 8/24/2012 5:34:43 PM - Windows Update
    RP72: 8/24/2012 9:01:27 PM - Windows Update
    RP73: 8/28/2012 8:25:15 PM - Windows Update
    RP74: 9/1/2012 1:54:55 AM - Windows Update
    RP75: 9/4/2012 9:23:10 PM - Windows Update
    RP76: 9/5/2012 3:00:10 AM - Windows Update
    RP77: 9/12/2012 3:02:26 AM - Windows Update
    RP78: 9/12/2012 10:36:07 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP79: 9/13/2012 3:00:11 AM - Windows Update
    RP80: 9/18/2012 12:00:11 AM - Restore Operation
    RP81: 9/18/2012 12:07:23 AM - Windows Update
    RP82: 9/18/2012 12:24:01 AM - Removed QuickTime
    RP83: 9/18/2012 12:27:26 AM - Installed QuickTime
    RP84: 9/18/2012 2:12:19 AM - Removed QuickTime
    RP85: 9/18/2012 2:16:27 AM - Installed QuickTime
    RP86: 9/18/2012 3:00:25 AM - Windows Update
    RP87: 9/21/2012 9:19:55 PM - Windows Update
    RP88: 9/22/2012 3:00:11 AM - Windows Update
    RP89: 9/26/2012 1:36:58 AM - Windows Update
    RP90: 9/26/2012 3:00:11 AM - Windows Update
    RP91: 9/29/2012 1:08:24 PM - Windows Update
    RP92: 10/3/2012 7:24:28 PM - Windows Update
    RP93: 10/9/2012 8:43:20 PM - Windows Update
    RP94: 10/10/2012 3:00:13 AM - Windows Update
    RP95: 10/13/2012 9:29:29 PM - Removed HP Update.
    RP96: 10/16/2012 5:11:34 PM - Windows Update
    RP97: 10/19/2012 6:24:42 PM - Windows Update
    RP98: 10/29/2012 1:22:14 AM - Windows Update
    RP99: 11/2/2012 3:23:52 PM - Windows Update
    RP100: 11/6/2012 4:59:04 PM - Windows Update
    RP101: 11/9/2012 9:34:48 PM - Windows Update
    RP102: 11/13/2012 9:32:01 PM - Installed Avination Viewer 0.3.2 FL III
    RP103: 11/16/2012 6:16:23 AM - Windows Update
    RP104: 11/17/2012 3:00:13 AM - Windows Update
    RP105: 11/18/2012 9:46:16 AM - Removed Avination Viewer 0.3.2 FL III
    RP106: 11/18/2012 10:10:22 AM - Installed AVG 2013
    RP107: 11/18/2012 10:10:58 AM - Installed AVG 2013
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    AC3Filter 1.63b
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS4
    Adobe Photoshop CS5
    Adobe Reader 9
    Adobe Setup
    aioscnnr
    AMD Catalyst Install Manager
    AMD Fuel
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    ArcSoft Panorama Maker 6
    AVG 2013
    Blender
    C4USelfUpdater
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Spanish
    center
    Choice Guard
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Dell-eBay
    Dell Dock
    Dell Driver Download Manager
    Dell Edoc Viewer
    Dell Getting Started Guide
    Digital Line Detect
    essentials
    Firestorm-Release (remove only)
    GIMP 2.8.2
    Google Chrome
    HP Update
    Java Auto Updater
    Java(TM) 6 Update 13 (64-bit)
    Java(TM) 6 Update 32
    Junk Mail filter update
    Kodak AIO Printer
    KODAK AiO Software
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    Nikon Message Center 2
    Nikon Movie Editor
    ocr
    PDF Settings CS5
    Phoenix Viewer 1.6.0.1691
    Picture Control Utility x64
    Platform
    PowerDVD
    PreReq
    PrintProjects
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Skype Click to Call
    Skype™ 5.10
    Suite Shared Configuration CS4
    TeamViewer 7
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VIA Platform Device Manager
    ViewNX 2
    Visual Studio 2010 x64 Redistributables
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.20 (32-bit)
    XP Codec Pack
    Yahoo! Detect
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/18/2012 10:24:21 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 10:24:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/18/2012 10:24:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/18/2012 10:24:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/18/2012 10:24:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/18/2012 10:24:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/18/2012 10:23:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/18/2012 10:23:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e7266b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-33212-01.
    11/18/2012 10:23:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 1:37:41 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    11/17/2012 12:52:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ec90c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-27144-01.
    11/17/2012 12:49:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f020c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-27034-01.
    11/17/2012 12:34:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefe213, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ece0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-24336-01.
    11/16/2012 10:36:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Carol-PC\Carol SID (S-1-5-21-3734378697-4225080175-1229890197-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/12/2012 2:37:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    .
    ==== End Of File ===========================

    Malware report:
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.18.02

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Carol :: CAROL-PC [administrator]

    Protection: Disabled

    11/18/2012 10:51:36 AM
    mbam-log-2012-11-18 (10-51-36).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 422657
    Time elapsed: 44 minute(s), 52 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1188 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
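The MBAM log above flags `C:\Windows\svchost.exe`, and the thing to notice is the path: on Windows 7 the genuine service host image lives in `%SystemRoot%\System32` (or `SysWOW64` for 32-bit service groups), is spawned by `services.exe`, and always gets a `-k <group>` argument from the Service Control Manager, so a copy sitting directly in `C:\Windows` is wrong on its face. The following is an added example, not code from the thread or from Malwarebytes, that applies those three checks to a process snapshot. The snapshot is constructed for illustration (not captured from the poster's machine) and follows the column layout of `wmic process get CommandLine,ExecutablePath,Name,ParentProcessId,ProcessId /format:csv`; `SYSTEM_ROOT` is an assumption for that sample.

```python
r"""Flag svchost.exe instances that do not look like the real service host.

Added example (not from the thread). Three heuristics, all true of a
Windows 7 service host started by the SCM:
  1. image is %SystemRoot%\System32\svchost.exe or %SystemRoot%\SysWOW64\svchost.exe
  2. parent process is services.exe
  3. command line carries "-k <service group>"
"""
import csv
import io
import ntpath

SYSTEM_ROOT = r"c:\windows"  # assumption for the constructed snapshot below
LEGIT_DIRS = {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"}

# Constructed process snapshot (NOT captured from the poster's machine), in the
# column layout wmic emits for /format:csv: a Node column, then the requested
# properties in alphabetical order.
SNAPSHOT = r"""Node,CommandLine,ExecutablePath,Name,ParentProcessId,ProcessId
CAROL-PC,C:\Windows\system32\services.exe,C:\Windows\system32\services.exe,services.exe,416,528
CAROL-PC,C:\Windows\system32\svchost.exe -k DcomLaunch,C:\Windows\system32\svchost.exe,svchost.exe,528,700
CAROL-PC,C:\Windows\system32\svchost.exe -k netsvcs,C:\Windows\system32\svchost.exe,svchost.exe,528,880
CAROL-PC,C:\Windows\SysWOW64\svchost.exe -k LocalService,C:\Windows\SysWOW64\svchost.exe,svchost.exe,528,1320
CAROL-PC,C:\Windows\explorer.exe,C:\Windows\explorer.exe,explorer.exe,1000,2244
CAROL-PC,C:\Windows\svchost.exe,C:\Windows\svchost.exe,svchost.exe,2244,1188
"""


def load_snapshot(text):
    """Map PID -> row for every process in the CSV snapshot."""
    return {int(r["ProcessId"]): r for r in csv.DictReader(io.StringIO(text))}


def svchost_findings(procs):
    """Return {pid: [reasons]} for every svchost.exe that fails a check."""
    findings = {}
    for pid, row in procs.items():
        if row["Name"].lower() != "svchost.exe":
            continue
        reasons = []
        image = row["ExecutablePath"]
        # Check 1: the image must come from System32 or SysWOW64.
        if ntpath.dirname(image).lower() not in LEGIT_DIRS:
            reasons.append("image outside System32/SysWOW64: " + image)
        # Check 2: the SCM (services.exe) is the only legitimate parent.
        parent = procs.get(int(row["ParentProcessId"]))
        parent_name = parent["Name"].lower() if parent else "<not in snapshot>"
        if parent_name != "services.exe":
            reasons.append("parent is %s, not services.exe" % parent_name)
        # Check 3: a real host is always told which service group to load.
        if " -k " not in row["CommandLine"]:
            reasons.append("no '-k <service group>' argument")
        if reasons:
            findings[pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in sorted(svchost_findings(load_snapshot(SNAPSHOT)).items()):
        print("PID %d:" % pid)
        for reason in reasons:
            print("  -", reason)
```

Only PID 1188 trips, and it trips all three checks at once; the System32 and SysWOW64 hosts pass. A name match alone says nothing, which is exactly why this family of malware picks that name.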
  4. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  5. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    I downloaded the Malwarebytes Anti-Rootkit and when I extracted it to my desktop and tried to run it I received this error: The program can't start because QtGui4.dll is missing from your computer. Try reinstalling the program to fix this problem.
  6. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    OK, after the scan I did have one thing that needed to be cured and then I had to reboot. On startup I did not have to quarantine the svchost.exe, so I'm assuming that's a good sign :) and, if I am not mistaken, this is what you need to see:

    15:17:16.0565 5056 WinRM - ok
    15:17:16.0611 5056 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    15:17:16.0612 5056 WinUsb - ok
    15:17:16.0640 5056 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    15:17:16.0665 5056 Wlansvc - ok
    15:17:16.0671 5056 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    15:17:16.0672 5056 WmiAcpi - ok
    15:17:16.0702 5056 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    15:17:16.0706 5056 wmiApSrv - ok
    15:17:16.0722 5056 WMPNetworkSvc - ok
    15:17:16.0733 5056 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    15:17:16.0737 5056 WPCSvc - ok
    15:17:16.0750 5056 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    15:17:16.0753 5056 WPDBusEnum - ok
    15:17:16.0785 5056 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    15:17:16.0786 5056 ws2ifsl - ok
    15:17:16.0795 5056 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    15:17:16.0799 5056 wscsvc - ok
    15:17:16.0803 5056 WSearch - ok
    15:17:16.0871 5056 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    15:17:16.0915 5056 wuauserv - ok
    15:17:16.0963 5056 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    15:17:16.0964 5056 WudfPf - ok
    15:17:17.0066 5056 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:17:17.0093 5056 WUDFRd - ok
    15:17:17.0117 5056 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    15:17:17.0120 5056 wudfsvc - ok
    15:17:17.0135 5056 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    15:17:17.0141 5056 WwanSvc - ok
    15:17:17.0149 5056 ================ Scan global ===============================
    15:17:17.0175 5056 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    15:17:17.0208 5056 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    15:17:17.0224 5056 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    15:17:17.0250 5056 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    15:17:17.0283 5056 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    15:17:17.0286 5056 [Global] - ok
    15:17:17.0287 5056 ================ Scan MBR ==================================
    15:17:17.0301 5056 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    15:17:17.0302 5056 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    15:17:17.0368 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    15:17:17.0368 5056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    15:17:17.0369 5056 ================ Scan VBR ==================================
    15:17:17.0384 5056 [ 7916EC1EFA4CD21B962FA8AC00FDC056 ] \Device\Harddisk0\DR0\Partition1
    15:17:17.0385 5056 \Device\Harddisk0\DR0\Partition1 - ok
    15:17:17.0389 5056 [ 2D0B1D17B2AFE2F8814F63972FC56674 ] \Device\Harddisk0\DR0\Partition2
    15:17:17.0390 5056 \Device\Harddisk0\DR0\Partition2 - ok
    15:17:17.0391 5056 ============================================================
    15:17:17.0391 5056 Scan finished
    15:17:17.0391 5056 ============================================================
    15:17:17.0402 3752 Detected object count: 1
    15:17:17.0402 3752 Actual detected object count: 1
    15:19:07.0569 3752 \Device\Harddisk0\DR0\# - copied to quarantine
    15:19:07.0571 3752 \Device\Harddisk0\DR0 - copied to quarantine
    15:19:07.0601 3752 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    15:19:07.0603 3752 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    15:19:07.0615 3752 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    15:19:07.0621 3752 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    15:19:07.0622 3752 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    15:19:07.0623 3752 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    15:19:07.0625 3752 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    15:19:07.0627 3752 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    15:19:07.0629 3752 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    15:19:07.0631 3752 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    15:19:07.0633 3752 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    15:19:07.0634 3752 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    15:19:07.0637 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    15:19:07.0638 3752 \Device\Harddisk0\DR0 - ok
    15:19:07.0667 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    15:19:13.0563 0180 Deinitialize success
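The TDSSKiller log above carries three things worth pulling out mechanically: an MD5 for every scanned driver, service image and boot sector (the `[ ... ]` records), the MBR verdict (`Suspicious mbr (Forged)` followed by `Rootkit.Boot.Pihar.c - infected`), and the list of objects copied to quarantine, including the files carved out of the rootkit's hidden `TDLFS` volume. The parser below is an added example, not part of the thread and not Kaspersky's code; the log excerpt it runs on is abridged from the log posted above, and the line grammar it assumes (`HH:MM:SS.mmmm <thread> <message>`) is the one visible there.

```python
r"""Extract hashes, the MBR verdict and quarantine actions from a TDSSKiller log.

Added example, not TDSSKiller's own code. Assumes the line layout seen in the
log posted in the thread:
  <time> <thread> [ <MD5> ] <service> <path>      hash of a service/driver image
  <time> <thread> [ <MD5> ] <path-or-device>      hash of a global object or boot sector
  <time> <thread> <object> ( <threat> ) - <action>
  <time> <thread> <object> - <action>
"""
import re

# Abridged from the TDSSKiller log posted above.
TDSS_LOG = r"""
15:17:16.0611 5056 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:17:16.0612 5056 WinUsb - ok
15:17:16.0871 5056 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:17:16.0915 5056 wuauserv - ok
15:17:17.0149 5056 ================ Scan global ===============================
15:17:17.0283 5056 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:17:17.0286 5056 [Global] - ok
15:17:17.0287 5056 ================ Scan MBR ==================================
15:17:17.0301 5056 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:17:17.0302 5056 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:17:17.0368 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:17:17.0368 5056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:17:17.0384 5056 [ 7916EC1EFA4CD21B962FA8AC00FDC056 ] \Device\Harddisk0\DR0\Partition1
15:17:17.0385 5056 \Device\Harddisk0\DR0\Partition1 - ok
15:19:07.0569 3752 \Device\Harddisk0\DR0\# - copied to quarantine
15:19:07.0571 3752 \Device\Harddisk0\DR0 - copied to quarantine
15:19:07.0601 3752 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:19:07.0615 3752 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:19:07.0622 3752 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:19:07.0625 3752 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:19:07.0637 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:19:07.0667 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+) (?P<msg>.*)$")
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<rest>.*)$")
VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<action>.+)$")


def parse_tdsskiller(text):
    """Return hashes keyed by path/device, plus suspicious, infected, quarantined and cure-pending objects."""
    report = {"hashes": {}, "suspicious": [], "infected": [], "quarantined": [], "cure_pending": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        h = HASHED.match(msg)
        if h:
            rest = h["rest"]
            # Service records read "<name> <path>"; global/MBR records are a bare path or device.
            bare = rest.startswith("\\") or rest[1:3] == ":\\"
            target = rest if bare else rest.split(" ", 1)[1]
            report["hashes"][target] = h["md5"]
            continue
        if msg.startswith("Suspicious mbr"):
            report["suspicious"].append(msg.split(": ", 1)[1])
            continue
        v = VERDICT.match(msg)
        if not v:
            continue
        obj, threat, action = v["obj"], v["threat"], v["action"]
        if action == "infected":
            report["infected"].append((obj, threat))
        elif action == "copied to quarantine":
            report["quarantined"].append(obj)
        elif action == "will be cured on reboot":
            report["cure_pending"].append((obj, threat))
    return report


def tdlfs_files(report):
    """Quarantined objects that came out of the rootkit's hidden TDLFS file system."""
    return [o for o in report["quarantined"] if "\\TDLFS\\" in o]


if __name__ == "__main__":
    rep = parse_tdsskiller(TDSS_LOG)
    print("suspicious:", rep["suspicious"])
    print("infected:", rep["infected"])
    print("TDLFS payloads quarantined:", tdlfs_files(rep))
    print("hashed objects:", len(rep["hashes"]))
```

The hash table is the part that pays off later: once the machine is declared clean, the MD5 of `\Device\Harddisk0\DR0` and of the boot-start drivers can be compared against a fresh TDSSKiller run to confirm the MBR was actually rewritten and nothing else on the disk stack changed underneath.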
  8. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Very well :)

    Re-run MBAM and post new log.

    Download fresh copy of Malwarebytes Anti-Rootkit and see if it'll run.
  9. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    OK, I downloaded a new copy and tried it again, and got the same error as in my last post. I attempted to locate the file manually on my computer, and there is a file called QtGui4.dll on my PC even though I am receiving this error; when I attempted to view the file my PC immediately went to a blue screen with some crash report and shut down. I don't know if you want this, but I kept a text log of my AVG scan because there was one infected item at the top that will not resolve; the information may be of value to what is going on. I have highlighted it in bold.

    AVG LOG
    "";"The file is signed with a broken digital signature, issued by: Dell Inc., C:\Users\Carol\Documents\Modem Diagnostic Tool";"Infected"
    "";"IRP hook, \Driver\atapi IRP_MJ_WRITE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SHUTDOWN -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SET_SECURITY -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SET_QUOTA -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SET_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_SET_EA -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_QUERY_SECURITY -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_QUERY_QUOTA -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_POWER -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_PNP -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_LOCK_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_CREATE_NAMED_PIPE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_CREATE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"IRP hook, \Driver\atapi IRP_MJ_CLOSE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
    "";"Trojan horse Generic30.WAV, C:\Windows\System32\csrss.exe (616)";"Secured"
    "";"Trojan horse Generic30.WAV, C:\Windows\System32\csrss.exe (696)";"Secured"
    "";"Trojan horse Generic30.WAV, C:\Windows\System32\svchost.exe (1084)";"Secured"
    "";"Trojan horse Generic30.WAV, C:\Windows\System32\smss.exe (276)";"Secured"
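The interesting rows in the AVG export above are the twenty-four `IRP hook` lines: every major function of `\Driver\atapi`, from `IRP_MJ_CREATE` through `IRP_MJ_PNP`, is redirected to the same address, `0xFFFFFA8007DD1674`, which AVG cannot attribute to any loaded module (`<unknown>`). That pattern means the driver object's whole dispatch table has been pointed at one routine living outside any image, which is consistent with the forged MBR TDSSKiller found later in the thread. The script below is an added example, not from the thread and not AVG's code, that parses AVG's semicolon-separated export and clusters hooks by (driver, target); it runs on an excerpt abridged from the log posted above (eight of the hook lines plus two of the process detections).

```python
r"""Cluster IRP hooks from an AVG log export by driver object and hook target.

Added example, not AVG's own code. AVG's export is semicolon-separated with
three quoted columns; the middle one carries the finding text.
"""
import csv
import io
import re
from collections import defaultdict

# Abridged from the AVG log posted above; the full log has 24 IRP_MJ_* hook lines.
AVG_LOG = r'''"";"The file is signed with a broken digital signature, issued by: Dell Inc., C:\Users\Carol\Documents\Modem Diagnostic Tool";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_WRITE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SHUTDOWN -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_POWER -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_PNP -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_CREATE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_CLOSE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"Trojan horse Generic30.WAV, C:\Windows\System32\csrss.exe (616)";"Secured"
"";"Trojan horse Generic30.WAV, C:\Windows\System32\svchost.exe (1084)";"Secured"
'''

HOOK = re.compile(
    r"^IRP hook, (?P<driver>\\Driver\\\S+) (?P<major>IRP_MJ_\w+) -> (?P<target>0x[0-9A-Fa-f]+), (?P<owner>.+)$")
PROC_HIT = re.compile(r"^(?P<threat>.+?), (?P<path>[A-Za-z]:\\.+?) \((?P<pid>\d+)\)$")


def parse_avg(text):
    """Return (finding, status) pairs from AVG's semicolon-separated export."""
    rows = []
    for rec in csv.reader(io.StringIO(text), delimiter=";"):
        if len(rec) >= 3:
            rows.append((rec[1], rec[2]))
    return rows


def hook_clusters(rows):
    """Group IRP hooks by (driver object, target address): which majors, and who owns the target."""
    clusters = defaultdict(lambda: {"majors": set(), "owner": None})
    for finding, _status in rows:
        m = HOOK.match(finding)
        if m:
            c = clusters[(m["driver"], m["target"])]
            c["majors"].add(m["major"])
            c["owner"] = m["owner"]
    return dict(clusters)


def suspicious_clusters(clusters, min_majors=8):
    """A cluster is suspicious when the target is in no known module, or when
    one address has taken over a large share of the dispatch table."""
    out = []
    for (driver, target), c in clusters.items():
        unknown_owner = c["owner"] == "<unknown>"
        if unknown_owner or len(c["majors"]) >= min_majors:
            out.append((driver, target, len(c["majors"]), unknown_owner))
    return out


def system_process_hits(rows):
    """Detections reported inside core System32 processes, as (pid, path, threat)."""
    hits = []
    for finding, _status in rows:
        m = PROC_HIT.match(finding)
        if m and m["path"].lower().startswith("c:\\windows\\system32\\"):
            hits.append((int(m["pid"]), m["path"], m["threat"]))
    return hits


if __name__ == "__main__":
    rows = parse_avg(AVG_LOG)
    for driver, target, n, unknown in suspicious_clusters(hook_clusters(rows)):
        print("%s: %d major functions -> %s%s" % (driver, n, target, " (no owning module)" if unknown else ""))
    for pid, path, threat in system_process_hits(rows):
        print("PID %d %s: %s" % (pid, path, threat))
```

The detections in `csrss.exe`, `smss.exe` and the System32 `svchost.exe` are reported as "Secured" against the running process, not against the file on disk, so they are a signal about the machine's state rather than four infected binaries; the hook cluster is the finding to act on, and it is why the user-mode scanners kept finding the same thing after every reboot.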
  10. Broni

    Broni Malware Annihilator Posts: 45,208   +243

  11. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    Sorry, I didn't make it very clear when I went back and read my post, but I am still receiving the same error, "The program can't start because QtGui4.dll is missing from your computer. Try reinstalling the program to fix this problem.", when trying to run this file. And what my program is called is mbar.exe; is that the same thing?
  12. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    LOL...I'm talking about re-running MBAM not MBAR.
  13. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    KK lol... doing that now... MBAM & MBAR, my head is spinning
  14. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.18.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Carol :: CAROL-PC [administrator]

    Protection: Enabled

    11/18/2012 4:05:47 PM
    mbam-log-2012-11-18 (17-04-00).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 414742
    Time elapsed: 57 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\TDSSKiller_Quarantine\18.11.2012_15.16.58\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
  15. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Your log says "No action taken".
    Re-run MBAM, FIX all issues and post new log.

    Now, regarding MBAR error...
    I asked at MBAM forum and...
    Please let me know.
  16. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    OK, the scan is halfway through and I re-downloaded a new version of MBAR. Can I go ahead with it while this scan is in progress, or do I need to wait?
  17. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Wait.

    I need to know..
    Previously did you try to run unzipped file?
  18. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    Yes, my exact steps were to open the folder and extract it to my desktop... The only way I got it working was to get my friend to send me this file; we both use about the same programs and I knew more than likely she would have it... Once she sent it to me through Skype and I saved it, I re-downloaded a fresh version of MBAR and did the exact same steps, and it now gives me no errors... This file was associated with QAvimator, she said.
  19. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    I'm very confused as to what you're saying, but since it'll work, go ahead with fresh MBAM and then MBAR.
  20. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    OK, well, my MBAM just finished. This was the full scan and it reported no threats, so I will go ahead with the MBAR now.
  21. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    Finished running the MBAR and it said no cleanup necessary.
  22. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Always post logs no matter what they say.
  23. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    It didn't give me a log.
  24. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  25. brandetwine

    brandetwine Newcomer, in training Topic Starter Posts: 37

    ComboFix 12-11-16.02 - Carol 11/18/2012 18:48:52.1.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5852 [GMT -5:00]
    Running from: c:\users\Carol\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-18 23:53 . 2012-11-18 23:53  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-11-18 20:19 . 2012-11-18 20:19  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-11-18 18:56 . 2012-11-18 18:56  --------  d-----w-  c:\users\Carol\AppData\Local\ElevatedDiagnostics
    2012-11-18 15:16 . 2012-11-18 15:16  --------  d-----w-  c:\users\Carol\AppData\Roaming\AVG2013
    2012-11-18 15:13 . 2012-11-18 15:13  --------  d-----w-  c:\users\Carol\AppData\Roaming\TuneUp Software
    2012-11-18 15:11 . 2012-11-18 18:26  --------  d-----w-  c:\programdata\AVG2013
    2012-11-18 15:11 . 2012-11-18 15:11  --------  d-----w-  C:\$AVG
    2012-11-18 15:10 . 2012-11-18 15:10  --------  d-----w-  c:\program files (x86)\AVG
    2012-11-18 15:08 . 2012-11-18 22:01  --------  d-----w-  c:\programdata\MFAData
    2012-11-18 15:08 . 2012-11-18 15:26  --------  d-----w-  c:\users\Carol\AppData\Local\Avg2013
    2012-11-18 15:08 . 2012-11-18 15:08  --------  d--h--w-  c:\programdata\Common Files
    2012-11-18 15:08 . 2012-11-18 15:08  --------  d-----w-  c:\users\Carol\AppData\Local\MFAData
    2012-11-18 15:00 . 2012-11-18 15:00  --------  d-----w-  c:\users\Carol\AppData\Roaming\Malwarebytes
    2012-11-18 15:00 . 2012-11-18 15:00  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 15:00 . 2012-11-18 15:00  --------  d-----w-  c:\programdata\Malwarebytes
    2012-11-18 15:00 . 2012-09-30 00:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-11-18 14:50 . 2012-11-18 14:50  --------  d-----w-  c:\program files (x86)\Phoenix Viewer
    2012-11-17 08:09 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
    2012-11-17 08:09 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
    2012-11-17 08:09 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-17 08:09 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll
    2012-11-17 08:00 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll
    2012-11-17 08:00 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
    2012-11-17 08:00 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll
    2012-11-17 08:00 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
    2012-11-17 08:00 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
    2012-11-17 08:00 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe
    2012-11-17 08:00 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll
    2012-11-16 17:55 . 2012-10-12 07:19  9291768  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A0A6016-6DCD-4BCA-AE24-7C8E00D89510}\mpengine.dll
    2012-11-14 02:33 . 2012-11-17 03:57  --------  d-----w-  c:\users\Carol\AppData\Local\avinationviewer
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-11-12 04:18 . 2012-11-12 04:18  --------  d-----w-  c:\program files (x86)\QuickTime
    2012-11-12 04:18 . 2012-11-12 04:18  --------  d-----w-  c:\programdata\Apple Computer
    2012-11-10 19:38 . 2012-11-10 19:38  --------  d-----w-  c:\program files (x86)\QAvimator
    2012-11-10 03:09 . 2012-11-10 03:10  --------  d-----w-  c:\program files (x86)\Firestorm-Release
    2012-10-30 20:25 . 2012-10-30 20:25  --------  d-----w-  c:\users\Carol\AppData\Roaming\Blender Foundation
    2012-10-30 20:14 . 2012-10-30 20:14  --------  d-----w-  c:\program files\Blender Foundation
    2012-10-29 01:23 . 2012-10-29 01:23  --------  d-----w-  c:\programdata\Visan
    2012-10-29 01:23 . 2012-10-29 01:23  --------  d-----w-  c:\programdata\PrintProjects
    2012-10-29 01:23 . 2012-10-29 01:23  --------  d-----w-  c:\program files (x86)\PrintProjects
    2012-10-29 01:21 . 2012-10-29 01:21  --------  d-----w-  c:\windows\SysWow64\kodak
    2012-10-29 00:29 . 2012-10-29 00:29  --------  d-----w-  c:\users\Carol\AppData\Local\Mozilla
    2012-10-29 00:29 . 2012-10-29 00:29  --------  d-----w-  c:\program files (x86)\Cisco Systems
    2012-10-29 00:27 . 2012-10-29 00:27  --------  d-----w-  c:\programdata\Cisco Systems
    2012-10-25 08:12 . 2012-10-25 08:1294208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12 . 2012-10-25 08:1269632----a-w-c:\windows\SysWow64\QuickTime.qts
    2012-10-22 18:02 . 2012-10-22 18:02154464----a-w-c:\windows\system32\drivers\avgidsdrivera.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-17 08:01 . 2011-10-08 05:35  66395536  ----a-w-  c:\windows\system32\MRT.exe
    2012-11-07 03:54 . 2012-06-28 04:49  697272  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-07 03:54 . 2011-10-07 03:27  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-15 13:50 . 2012-10-15 13:50  122368  ----a-w-  c:\windows\system32\EKaio2WiaCoInst.dll
    2012-10-15 13:50 . 2012-10-15 13:50  10240  ----a-w-  c:\windows\system32\EKaio2WiaCoInstRes.dll
    2012-10-15 08:48 . 2012-10-15 08:48  63328  ----a-w-  c:\windows\system32\drivers\avgidsha.sys
    2012-10-05 08:32 . 2012-10-05 08:32  111456  ----a-w-  c:\windows\system32\drivers\avgmfx64.sys
    2012-10-02 08:30 . 2012-10-02 08:30  185696  ----a-w-  c:\windows\system32\drivers\avgldx64.sys
    2012-09-29 18:48 . 2012-09-29 18:48  1793536  ----a-w-  c:\windows\system32\EKAiO2MON.dll
    2012-09-29 18:48 . 2012-09-29 18:48  183808  ----a-w-  c:\windows\system32\EKAiO2COI10.dll
    2012-09-21 08:46 . 2012-09-21 08:46  200032  ----a-w-  c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 08:46 . 2012-09-21 08:46  225120  ----a-w-  c:\windows\system32\drivers\avgloga.sys
    2012-09-14 19:19 . 2012-10-10 00:43  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 00:43  2048  ----a-w-  c:\windows\SysWow64\tzres.dll
    2012-09-14 08:05 . 2012-09-14 08:05  40800  ----a-w-  c:\windows\system32\drivers\avgrkx64.sys
    2012-09-04 15:39 . 2012-09-04 15:39  50296  ----a-w-  c:\windows\system32\drivers\avgfwd6a.sys
    2012-08-31 18:19 . 2012-10-10 00:44  1659760  ----a-w-  c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 00:44  5559664  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 00:44  3968880  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 00:44  3914096  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05 . 2012-10-10 00:43  220160  ----a-w-  c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-10-10 00:43  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll
    2012-08-22 18:12 . 2012-09-18 04:09  950128  ----a-w-  c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-18 04:09  376688  ----a-w-  c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-18 04:09  288624  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-26 05:36  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
    .
    c:\users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]
    R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-01-13 226832]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-28 1152000]
    S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 03:54]
    .
    2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3734378697-4225080175-1229890197-1000Core.job
    - c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 20:24]
    .
    2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3734378697-4225080175-1229890197-1000UA.job
    - c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 20:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
    FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j64d1ggv.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
    Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Carol\AppData\Local\Temp\Rar$EXa0.960\mbar\mbar.exe
    SafeBoot-41546512.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-18 18:55:58
    ComboFix-quarantined-files.txt 2012-11-18 23:55
    .
    Pre-Run: 483,131,633,664 bytes free
    Post-Run: 484,843,253,760 bytes free
    .
    - - End Of File - - 8466DDDD9E44A72415259784FAF3B6CF
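The file listings in the log above lost their tab separators in the paste, so the size and attribute columns run straight into the time and the path. As an added example (not ComboFix's code and not part of the original post), the following Python recovers the fields by relying on the fixed widths ComboFix uses (the time is always HH:MM, the attribute field is always 8 characters) and then flags executable-type files sitting directly under c:\windows or inside a Temp folder for manual review. The four sample lines marked as copied are taken from the log above; the two marked constructed, the paths in them, and the `is_odd_location` heuristic are assumptions of this example, not anything the log states.

```python
# Added example, not ComboFix's code: parse the "Recently Created/Modified Files"
# and "Find3M" listing lines of a ComboFix log and flag executables sitting where
# Windows system binaries do not belong. ComboFix writes
# "created . modified <TAB> size <TAB> attrs <TAB> path"; forum pastes often drop
# the tabs, but the fixed field widths still allow the columns to be recovered.
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*\.\s*"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*"
    r"(?P<size>-{8}|\d+)\s*"            # "--------" for directories
    r"(?P<attrs>[d-][-a-z]{7})\s*"      # e.g. "----a-w-" or "d--h--w-"
    r"(?P<path>[a-zA-Z]:\\.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]     # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for separators and headers."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_listing(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


PE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
WINDOWS_ROOT = "c:\\windows\\"


def is_odd_location(path: str) -> bool:
    """Executable-type file directly in the Windows root or under a Temp folder.

    Review heuristic only (an assumption of this example): system binaries live
    in System32/SysWOW64, and installers rarely leave PE files at the Windows
    root or in Temp, so such paths deserve a manual look, not an automatic verdict.
    """
    p = path.lower()
    if not p.endswith(PE_EXT):
        return False
    if p.startswith(WINDOWS_ROOT) and "\\" not in p[len(WINDOWS_ROOT):]:
        return True                     # e.g. c:\windows\something.exe
    return "\\temp\\" in p


def triage(text: str) -> List[Entry]:
    """Listing entries that deserve a closer look."""
    return [e for e in parse_listing(text) if not e.is_dir and is_odd_location(e.path)]


SAMPLE_LINES = [
    # Copied from the log above (tabs collapsed by the forum paste):
    "    2012-11-18 15:10 . 2012-11-18 15:10--------d-----w-c:\\program files (x86)\\AVG",
    "    2012-11-18 15:08 . 2012-11-18 15:08--------d--h--w-c:\\programdata\\Common Files",
    "    2012-11-18 15:00 . 2012-09-30 00:5425928----a-w-c:\\windows\\system32\\drivers\\mbam.sys",
    "    2012-11-17 08:01 . 2011-10-08 05:3566395536----a-w-c:\\windows\\system32\\MRT.exe",
    # Constructed lines (not from the log): original tab layout, odd locations.
    "2012-11-18 16:00 . 2012-11-18 16:00\t61440\t----a-w-\tc:\\windows\\sample-dropped.exe",
    "2012-11-18 16:01 . 2012-11-18 16:01\t40960\t----a-w-\tc:\\users\\Carol\\AppData\\Local\\Temp\\sample.exe",
    # Non-listing lines that the parser must skip:
    "    .",
    "    (((((((((((((((((((((( Find3M Report ))))))))))))))))))))))",
]
SAMPLE = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    for e in parse_listing(SAMPLE):
        size = "<dir>" if e.size is None else str(e.size)
        print(f"{e.created}  {size:>9}  {e.attrs}  {e.path}")
    print("review:", [e.path for e in triage(SAMPLE)])
```

Run it against a whole pasted log and only the two listing sections match; everything else (registry keys, services, scheduled tasks) is skipped by the regex. Anything `triage` returns is a starting point for checking the file's signature and hash, not a verdict: legitimate updaters do stage executables in Temp.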

