TechSpot

Win64/Patched.A virus..urgent help needed by desperate novice

Solved
By LadyhawkeX
Nov 21, 2012
  1. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    OK, done. Here is the log, part 1.


    ComboFix 12-11-24.02 - Cecilia 24/11/2012 18:05:00.1.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.4012.2102 [GMT 0:00]

    Running from: c:\users\Cecilia\Desktop\ComboFix.exe

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\Roaming

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-24 18:11 . 2012-11-24 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-22 22:42 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-22 22:42 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-22 22:42 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-22 22:42 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-22 18:43 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-11-21 17:45 . 2012-11-21 17:45 -------- d-----w- C:\FRST

    2012-11-20 18:06 . 2012-11-20 21:26 -------- d-----w- c:\program files (x86)\Mega Codec Pack

    2012-11-20 18:05 . 2012-11-20 18:05 -------- d-----w- c:\users\Cecilia\AppData\Roaming\Media Player Classic

    2012-11-13 21:03 . 2012-11-20 21:23 -------- d-----w- c:\program files (x86)\Essentials Codec Pack

    2012-11-13 21:02 . 2012-11-13 21:02 -------- d-----w- c:\program files (x86)\Yontoo

    2012-11-13 21:01 . 2012-11-13 21:01 -------- d-----w- c:\windows\SysWow64\C2MP

    2012-11-11 20:57 . 2012-11-11 20:57 39904 ----a-w- c:\windows\SysWow64\dischandler.exe

    2012-11-11 17:46 . 2012-11-11 17:46 4012544 ----a-w- c:\windows\system32\ffmpeg.dll

    2012-11-11 17:45 . 2012-11-11 17:45 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll

    2012-11-11 17:45 . 2012-11-11 17:45 127488 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-11-11 17:45 . 2012-11-11 17:45 4376576 ----a-w- c:\windows\system32\ffdshow.ax

    2012-11-11 17:45 . 2012-11-11 17:45 156672 ----a-w- c:\windows\system32\ff_libmad.dll

    2012-11-11 17:44 . 2012-11-11 17:44 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

    2012-11-11 17:44 . 2012-11-11 17:44 114688 ----a-w- c:\windows\system32\ff_wmv9.dll

    2012-11-11 17:44 . 2012-11-11 17:44 223232 ----a-w- c:\windows\system32\ff_libdts.dll

    2012-11-11 17:44 . 2012-11-11 17:44 183296 ----a-w- c:\windows\system32\ff_unrar.dll

    2012-11-11 17:44 . 2012-11-11 17:44 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll

    2012-11-11 17:44 . 2012-11-11 17:44 116224 ----a-w- c:\windows\system32\ff_liba52.dll

    2012-11-11 17:42 . 2012-11-11 17:42 3915776 ----a-w- c:\windows\SysWow64\ffmpeg.dll

    2012-11-11 17:41 . 2012-11-11 17:41 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll

    2012-11-11 17:41 . 2012-11-11 17:41 3504128 ----a-w- c:\windows\SysWow64\ffdshow.ax

    2012-11-11 17:41 . 2012-11-11 17:41 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll

    2012-11-11 17:40 . 2012-11-11 17:40 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll

    2012-11-11 17:40 . 2012-11-11 17:40 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll

    2012-11-11 17:40 . 2012-11-11 17:40 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll

    2012-11-11 17:40 . 2012-11-11 17:40 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll

    2012-11-11 17:40 . 2012-11-11 17:40 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll

    2012-11-11 17:40 . 2012-11-11 17:40 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll

    2012-11-11 13:34 . 2012-11-11 13:34 503464 ----a-w- c:\windows\system32\LAVSplitter.ax

    2012-11-11 13:34 . 2012-11-11 13:34 405200 ----a-w- c:\windows\system32\swscale-lav-2.dll

    2012-11-11 13:34 . 2012-11-11 13:34 364712 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

    2012-11-11 13:34 . 2012-11-11 13:34 274600 ----a-w- c:\windows\system32\LAVAudio.ax

    2012-11-11 13:34 . 2012-11-11 13:34 252792 ----a-w- c:\windows\system32\avutil-lav-52.dll

    2012-11-11 13:34 . 2012-11-11 13:34 215720 ----a-w- c:\windows\system32\libbluray.dll

    2012-11-11 13:34 . 2012-11-11 13:34 178472 ----a-w- c:\windows\system32\avresample-lav-1.dll

    2012-11-11 13:34 . 2012-11-11 13:34 1497768 ----a-w- c:\windows\system32\LAVVideo.ax

    2012-11-11 13:34 . 2012-11-11 13:34 8000584 ----a-w- c:\windows\system32\avcodec-lav-54.dll

    2012-11-11 13:34 . 2012-11-11 13:34 181568 ----a-w- c:\windows\system32\avfilter-lav-3.dll

    2012-11-11 13:34 . 2012-11-11 13:34 1137384 ----a-w- c:\windows\system32\avformat-lav-54.dll

    2012-11-11 13:32 . 2012-11-11 13:32 7870928 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll

    2012-11-11 13:32 . 2012-11-11 13:32 413864 ----a-w- c:\windows\SysWow64\LAVSplitter.ax

    2012-11-11 13:32 . 2012-11-11 13:32 382120 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll

    2012-11-11 13:32 . 2012-11-11 13:32 281768 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll

    2012-11-11 13:32 . 2012-11-11 13:32 241832 ----a-w- c:\windows\SysWow64\LAVAudio.ax

    2012-11-11 13:32 . 2012-11-11 13:32 238528 ----a-w- c:\windows\SysWow64\avutil-lav-52.dll

    2012-11-11 13:32 . 2012-11-11 13:32 183976 ----a-w- c:\windows\SysWow64\libbluray.dll

    2012-11-11 13:32 . 2012-11-11 13:32 167728 ----a-w- c:\windows\SysWow64\avfilter-lav-3.dll

    2012-11-11 13:32 . 2012-11-11 13:32 158096 ----a-w- c:\windows\SysWow64\avresample-lav-1.dll

    2012-11-11 13:32 . 2012-11-11 13:32 1182696 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll

    2012-11-11 13:32 . 2012-11-11 13:32 1172648 ----a-w- c:\windows\SysWow64\LAVVideo.ax

    2012-11-08 18:21 . 2012-11-08 18:21 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

    2012-11-08 12:45 . 2012-11-08 12:45 -------- d-----w- c:\users\Cecilia\AppData\Roaming\TuneUp Software

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-22 22:31 . 2011-11-26 16:43 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-10-20 10:47 . 2012-10-20 10:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

    2012-10-20 10:47 . 2012-10-20 10:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll

    2012-10-20 10:47 . 2012-10-20 10:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

    2012-10-20 10:47 . 2012-10-20 10:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2012-10-20 10:47 . 2012-10-20 10:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

    2012-10-20 10:47 . 2012-10-20 10:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2012-10-20 10:47 . 2012-10-20 10:47 367104 ----a-w- c:\windows\SysWow64\html.iec

    2012-10-20 10:47 . 2012-10-20 10:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2012-10-20 10:47 . 2012-10-20 10:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

    2012-10-20 10:47 . 2012-10-20 10:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2012-10-20 10:47 . 2012-10-20 10:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2012-10-20 10:47 . 2012-10-20 10:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

    2012-10-20 10:47 . 2012-10-20 10:47 222208 ----a-w- c:\windows\system32\msls31.dll

    2012-10-20 10:47 . 2012-10-20 10:47 197120 ----a-w- c:\windows\system32\msrating.dll

    2012-10-20 10:47 . 2012-10-20 10:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe

    2012-10-20 10:47 . 2012-10-20 10:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2012-10-20 10:47 . 2012-10-20 10:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe

    2012-10-20 10:47 . 2012-10-20 10:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll

    2012-10-20 10:47 . 2012-10-20 10:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2012-10-20 10:47 . 2012-10-20 10:47 89088 ----a-w- c:\windows\system32\ie4uinit.exe

    2012-10-20 10:47 . 2012-10-20 10:47 85504 ----a-w- c:\windows\system32\iesetup.dll

    2012-10-20 10:47 . 2012-10-20 10:47 82432 ----a-w- c:\windows\system32\icardie.dll

    2012-10-20 10:47 . 2012-10-20 10:47 76800 ----a-w- c:\windows\system32\tdc.ocx

    2012-10-20 10:47 . 2012-10-20 10:47 65024 ----a-w- c:\windows\system32\pngfilt.dll

    2012-10-20 10:47 . 2012-10-20 10:47 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

    2012-10-20 10:47 . 2012-10-20 10:47 534528 ----a-w- c:\windows\system32\ieapfltr.dll

    2012-10-20 10:47 . 2012-10-20 10:47 49664 ----a-w- c:\windows\system32\imgutil.dll

    2012-10-20 10:47 . 2012-10-20 10:47 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2012-10-20 10:47 . 2012-10-20 10:47 452608 ----a-w- c:\windows\system32\dxtmsft.dll

    2012-10-20 10:47 . 2012-10-20 10:47 448512 ----a-w- c:\windows\system32\html.iec

    2012-10-20 10:47 . 2012-10-20 10:47 403248 ----a-w- c:\windows\system32\iedkcs32.dll

    2012-10-20 10:47 . 2012-10-20 10:47 39936 ----a-w- c:\windows\system32\iernonce.dll

    2012-10-20 10:47 . 2012-10-20 10:47 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

    2012-10-20 10:47 . 2012-10-20 10:47 30720 ----a-w- c:\windows\system32\licmgr10.dll

    2012-10-20 10:47 . 2012-10-20 10:47 282112 ----a-w- c:\windows\system32\dxtrans.dll

    2012-10-20 10:47 . 2012-10-20 10:47 267776 ----a-w- c:\windows\system32\ieaksie.dll

    2012-10-20 10:47 . 2012-10-20 10:47 249344 ----a-w- c:\windows\system32\webcheck.dll

    2012-10-20 10:47 . 2012-10-20 10:47 163840 ----a-w- c:\windows\system32\ieakui.dll

    2012-10-20 10:47 . 2012-10-20 10:47 160256 ----a-w- c:\windows\system32\wextract.exe

    2012-10-20 10:47 . 2012-10-20 10:47 160256 ----a-w- c:\windows\system32\ieakeng.dll

    2012-10-20 10:47 . 2012-10-20 10:47 149504 ----a-w- c:\windows\system32\occache.dll

    2012-10-20 10:47 . 2012-10-20 10:47 145920 ----a-w- c:\windows\system32\iepeers.dll

    2012-10-20 10:47 . 2012-10-20 10:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

    2012-10-20 10:47 . 2012-10-20 10:47 12288 ----a-w- c:\windows\system32\mshta.exe

    2012-10-20 10:47 . 2012-10-20 10:47 114176 ----a-w- c:\windows\system32\admparse.dll

    2012-10-20 10:47 . 2012-10-20 10:47 111616 ----a-w- c:\windows\system32\iesysprep.dll

    2012-10-20 10:47 . 2012-10-20 10:47 10752 ----a-w- c:\windows\system32\msfeedssync.exe

    2012-10-20 10:47 . 2012-10-20 10:47 103936 ----a-w- c:\windows\system32\inseng.dll

    2012-10-20 10:47 . 2012-10-20 10:47 165888 ----a-w- c:\windows\system32\iexpress.exe

    2012-10-16 08:36 . 2012-10-16 08:36 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

    2012-10-10 19:06 . 2012-04-02 11:28 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-10 19:06 . 2011-12-02 12:02 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\SysWow64\VSFilter.dll

    2012-09-14 19:19 . 2012-10-09 20:11 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-09 20:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-08-31 18:19 . 2012-10-09 20:11 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2012-08-30 18:03 . 2012-10-09 20:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-09 20:11 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-08-30 17:12 . 2012-10-09 20:11 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     
  2. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Part 2


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

    2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "VoipBuster"="c:\program files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" [2012-09-11 23069600]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-17 673168]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

    "MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-11-10 38248]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux3"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-03 344616]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-11-03 39464]

    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 133632]

    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-11-04 114304]

    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-03 340072]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-22 204288]

    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

    S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-13 290632]

    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]

    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]

    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]

    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-12-10 894240]

    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]

    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-05-25 12312832]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-01 80384]

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-01 180736]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-30 425064]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]

    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]

    2011-11-10 12:14 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:06]

    .

    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 05:47]

    .

    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 05:47]

    .

    2012-11-24 c:\windows\Tasks\SDMsgUpdate (TE).job

    - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-04-12 18:22]
     
  3. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Part 3


    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]

    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]

    "ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 421192]

    "ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-13 308040]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-25 167744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-25 417088] CFB3B6278FB1

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.searchnu.com/406

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = <local>;*.local

    IE:

    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

    IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

    IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

    IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

    TCP: DhcpNameServer = 192.168.15.1

    FF - ProfilePath - c:\users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/

    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=

    FF - user.js: extentions.y2layers.installId - a3b41b51-1749-4bc0-84c1-5a23a13a3be2

    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics

    FF - user.js: extensions.autoDisableScopes - 14

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQF2OoGpg&loc=IB_TB&I=26&search=

    FF - user.js: extensions.incredibar_i.id - c8fc4ae90000000000008ca9825b7235

    FF - user.js: extensions.incredibar_i.instlDay - 15551

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:04

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6PQF2OoGpg

    FF - user.js: extensions.incredibar_i.upn2n - 92543320008558118

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10658

    FF - user.js: extensions.incredibar_i.ppd -

    FF - user.js: extentions.y2layers.installId - a046e4e2-bb98-405a-bc9d-bb325126bceb

    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers

    .

    - - - - ORPHANS REMOVED - - - -

    .

    BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

    Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

    Toolbar-10 - (no file)

    Toolbar-10 - (no file)

    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-11-24 18:14:06

    ComboFix-quarantined-files.txt 2012-11-24 18:14

    .

    Pre-Run: 269,963,243,520 bytes free

    Post-Run: 269,466,918,912 bytes free

    .
    - - End Of File - - DFFDF7A1F54FB21CC1F3
     
  4. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Let me know when I can reinstall my anti-virus... feeling a bit exposed here !-( and thanks so much again for your support!!!
     
  5. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Combofix log looks good.

    Any current issues?

    You can reinstall AVG now.

    ==========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Here is the log from ADW... should I do the 2nd part of this (the uninstall) now? Wasn't sure if you had to look at the log first... told you I was a novice..

    # AdwCleaner v2.009 - Logfile created 11/24/2012 at 21:04:18
    # Updated 24/11/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Cecilia - SILVER
    # Boot Mode : Normal
    # Running from : C:\Users\Cecilia\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\searchplugins\Search_Results.xml
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files\Web Assistant
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Cecilia\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Cecilia\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\ffxtlbr@incredibar.com
    Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\plugin@yontoo.com
    Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\Searchqutoolbar
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
    -\\ Mozilla Firefox v16.0.2 (en-GB)
    Profile name : default
    File : C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\prefs.js
    C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\user.js ... Deleted !
    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.4");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.order.1", "Search Results");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("extensions.5027cbc9e6d77.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
    Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,plugin@yontoo.com:1.20.00,avg@to[...]
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10658");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "c8fc4ae90000000000008ca9825b7235");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15551");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQF2OoGpg&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6PQF2OoGpg");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92543320008558118");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:04:00");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={DC82B78D-E5A6-4FFD-9E8A-966FE3A3DB7F}&m[...]
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.4] : homepage = "hxxp://www.searchnu.com/406",
    Deleted [l.8] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
    Deleted [l.46] : homepage = "hxxp://www.searchnu.com/406",
    Deleted [l.61] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
    *************************
    AdwCleaner[S1].txt - [7521 octets] - [24/11/2012 21:04:18]
    ########## EOF - C:\AdwCleaner[S1].txt - [7581 octets] ##########
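The entries AdwCleaner removed above show where a browser hijacker of this kind persists: Firefox user_pref lines (default/selected search engine, keyword.URL, an injected script in a .scode pref, the enabledAddons list) and Chrome Preferences keys (homepage, urls_to_restore_on_startup) pointing at searchnu.com, isearch.avg.com and mystart.incredibar.com. The following is an added example, not part of this thread and not AdwCleaner's own code: it scans Firefox prefs.js/user.js text and a Chrome Preferences JSON document for exactly those indicators. The suspect domains, engine names and add-on IDs are taken from the log above; the sample files are constructed; the Chrome key layout (session.urls_to_restore_on_startup, default_search_provider.search_url) is assumed to match the 2012-era Preferences file the log shows, with session.startup_urls checked as well for newer builds.

```python
# Added example (not AdwCleaner's code, not from this thread): audit Firefox and
# Chrome preference files for the hijack indicators seen in the log above.
import json
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Domains the log showed as forced start pages / search URLs.
SUSPECT_DOMAINS = {"searchnu.com", "mystart.incredibar.com", "isearch.avg.com"}
# Search-engine display names the log showed set as default/selected engine.
SUSPECT_ENGINES = {"AVG Secure Search", "Search Results"}
# Add-on IDs from extensions.enabledAddons and the Avg@toolbar registry value (lower-cased).
SUSPECT_ADDON_IDS = {"ffxtlbr@incredibar.com", "plugin@yontoo.com", "avg@toolbar"}
ENGINE_PREFS = {"browser.search.defaultenginename",
                "browser.search.selectedEngine",
                "browser.search.order.1"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
Finding = Tuple[str, str]  # (setting name, offending value)


def is_suspect_url(value: str) -> bool:
    """True if value is a URL whose host is, or sits under, a suspect domain.
    Accepts the 'hxxp://' defanging that the log uses."""
    if "://" not in value:
        return False
    url = re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.I)
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def audit_firefox_prefs(text: str) -> List[Finding]:
    """Scan prefs.js / user.js content line by line; return flagged prefs."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, value = m.group(1), m.group(2).strip().strip('"')
        if is_suspect_url(value):
            findings.append((name, value))      # any pref pointing at a hijack domain
        elif name in ENGINE_PREFS and value in SUSPECT_ENGINES:
            findings.append((name, value))      # default search engine swapped
        elif name == "extensions.enabledAddons":
            ids = {p.split(":")[0].strip().lower() for p in value.split(",")}
            if ids & SUSPECT_ADDON_IDS:
                findings.append((name, value))  # hijacker add-ons enabled
        elif "function(" in value:
            findings.append((name, value))      # script stored in a pref (the .scode entry)
    return findings


def audit_chrome_prefs(text: str) -> List[Finding]:
    """Scan a Chrome 'Preferences' JSON document (key layout assumed, see lead-in)."""
    prefs = json.loads(text)
    findings: List[Finding] = []
    home = prefs.get("homepage", "")
    if isinstance(home, str) and is_suspect_url(home):
        findings.append(("homepage", home))
    session = prefs.get("session", {})
    for key in ("urls_to_restore_on_startup", "startup_urls"):
        for url in session.get(key, []):
            if is_suspect_url(url):
                findings.append(("session." + key, url))
    search = prefs.get("default_search_provider", {}).get("search_url", "")
    if isinstance(search, str) and is_suspect_url(search):
        findings.append(("default_search_provider.search_url", search))
    return findings


# Constructed sample inputs modelled on the entries AdwCleaner deleted above.
FIREFOX_SAMPLE = '''\
// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,plugin@yontoo.com:1.20.00");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=example");
user_pref("extensions.5027cbc9e6d77.scode", "(function(){try{if(1){}}catch(e){}})();");
user_pref("keyword.URL", "http://isearch.avg.com/search?cid=example&q=");
user_pref("network.cookie.cookieBehavior", 0);
'''
CHROME_SAMPLE = json.dumps({
    "homepage": "http://www.searchnu.com/406",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "urls_to_restore_on_startup": ["http://www.searchnu.com/406",
                                               "https://www.google.com/"]},
    "default_search_provider": {"search_url": "https://www.google.com/search?q={searchTerms}"},
})

if __name__ == "__main__":
    for label, found in (("Firefox", audit_firefox_prefs(FIREFOX_SAMPLE)),
                         ("Chrome", audit_chrome_prefs(CHROME_SAMPLE))):
        for name, value in found:
            print(f"{label}: {name} = {value}")
```

On a real machine, feed it the profile's prefs.js and user.js (a user.js that re-applies hijacked values on every start is itself a red flag, which is why AdwCleaner deleted it outright) and the Chrome profile's Preferences file; the domain and add-on lists are the indicators from this one log and would be extended per case.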
     
  7. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Yes. Uninstall AdwCleaner.

     
  8. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Uninstalled it... here is the OTL Extras log

    OTL Extras logfile created on: 24/11/2012 23:09:56 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cecilia\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.92 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 32.90% Memory free
    7.83 Gb Paging File | 5.27 Gb Available in Paging File | 67.28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.33 Gb Total Space | 249.45 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

    Computer Name: SILVER | User Name: Cecilia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A1BF2C-922D-4725-9AD3-E74EED6D5F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{07115FAB-A29E-4E3D-AE50-C71B5CFD441E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{091D062F-BC40-484C-9B94-252CDF7D13AC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1A3EBDC2-4CCC-42AA-9240-2FFAE2BC8FFC}" = rport=445 | protocol=6 | dir=out | app=system |
    "{21A846AB-4B38-4C8D-86A0-8268692C0F47}" = rport=138 | protocol=17 | dir=out | app=system |
    "{3D110CE4-E6C0-4D6E-8529-1DD45D6126AC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{56D30B4E-7850-4E40-8CAD-090B472D6FC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5A9164AF-DC0F-4742-B2AF-3BEFA046968D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6091F3AB-8070-4208-BC85-ECF4AD19D535}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6C5EDB9F-81FB-41E3-9BCF-91E6EE1C8B82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6D4E4DCF-C7B5-49E8-8AD4-24BBAB9387EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{708FE1FA-AF73-4293-8F86-2F70060569F7}" = rport=139 | protocol=6 | dir=out | app=system |
    "{77264DF4-C228-4869-ACAF-DD4F45B5DF0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8147A994-A722-4F3C-8554-016BD1FF77FD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{821D59AB-F5C6-4FB3-9F14-4021799CFB93}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{926B7BA2-D5B8-4D3B-B543-CDCD24363A5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{944CC722-D9CE-4A17-94DE-8C5C6E5BE855}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9632863B-A495-4EF5-AF41-1875EC51B9F6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A0D35EC9-76CF-4A63-8991-1072F591A572}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A547457A-F6A6-4B4D-80CD-864358F38F67}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AA66AE14-F2F3-4031-BE79-3826A4D1EC36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{AD32CDFC-0616-4843-8B26-F8B0479152FC}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CA08D1C3-F7AC-42A9-A158-FF17EF366442}" = lport=138 | protocol=17 | dir=in | app=system |
    "{CC278859-EAA0-45A2-AB37-825384B61526}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DBDC8770-B7CC-4929-903E-25EE04174C67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E12884E1-E5AA-4B26-91C5-637F220FA710}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F2DDE1-D67A-4E14-8326-EDFDD51300E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{047C78EA-C910-49BE-AE07-3252F69B27CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{0EAAE4CD-9DB0-478E-A0E9-F39043332176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0F2E35D0-AB6F-486D-AE2E-110AAA944A08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0FBFD8C8-7347-48A7-BAF7-79D4325B2B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{1392A926-0ACD-454D-9002-D656140C7B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "{139593FA-38A7-4147-9E72-9696CCC02C92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{21A648DD-B1FF-4CED-BDB5-99CC719EBE1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{24435E97-A49C-4A79-B05F-8DEDC14DFDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{27A9E0B3-EB20-4616-8677-F51E212756C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{2A214838-D425-46EF-A85E-0D8039302BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{2AC08A30-E554-4E3F-ACFC-6A920D9F86EA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{324D3EA8-10A4-4058-A3A1-0AD46DA3414D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{347423CD-8B85-4136-B5C4-8847232EA299}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3831A6D6-C188-4C42-92B4-3708D93805BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{39A1E818-E56F-4605-A165-74D3C2460767}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{4205C6EB-8471-485B-841A-7F1E964382F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{448DB2EF-F829-4D9C-A37C-256CE1BBA1A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{4ABFD4BC-3B96-49F4-A275-6AECA3A0FF8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4F60BA12-31B0-476C-91C9-7455EA307A03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{51DAE64F-6FF9-463E-B1CF-EBFD77335093}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5AED60A7-F112-42B4-89DD-91743101291E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62506E26-03C7-49A8-A41F-2D9C836003F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6C364DAE-3F1A-4EEA-A95F-F7EF961B19B9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{6DCFDC92-E6FB-470C-ADAF-91911658DA73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{721AF09A-7356-42EA-8AB4-47D06C7E5EAE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{7240BDE3-94AA-4D73-AA8E-D479E9F9B99C}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "{73EFC116-05CE-47E7-8996-58C3FF4AA543}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7F9C0CA4-1693-4FD5-9861-95D4DCAD920D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FA0F9EE-B2FA-444C-A5F2-EFD63F7D525A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{83497747-C91C-48FE-8FE7-FEAB406ED110}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{8980B25D-F8CB-4F2B-AE92-CC44904924B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8F1EB679-BF09-4B1B-8420-A02BEB6FC73E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{937E81C4-3E3D-490E-AFA0-22DC0D75B893}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{95521C2C-4F08-4379-A5AD-63CFEB3B15D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9C639952-07EE-4AA5-BFDE-7A9E1D069A09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9E900F6E-C6AF-4AA3-8B78-44AF9109E526}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A16D8703-C07C-440C-AE5B-1D8457F4478F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AD3DAB04-D4BF-405D-A23B-4F9DA00F0097}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B6E8E116-60A1-4E2F-BD5C-D6D4162A624D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{BAF3BAD7-334A-4EFF-9B7F-265ADC0A210A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D1848F30-99C4-417F-9B77-9075B7FD424E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D2F1BA71-797F-41BF-B490-1BC06B298657}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{D8848C7F-9869-4BA4-AC3F-3D5F3795F488}" = protocol=6 | dir=out | app=system |
    "{E17B229B-DBA9-47E4-A66A-A9BB7711BA0A}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "{E5CC50E9-67B3-4568-9D96-ECD8700A5479}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{E739E9F6-246B-410F-A422-A75CCDFE5A99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EB6F2D88-02C6-4344-8DD3-C374836B9365}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "{ECD22C23-098E-4F81-A2EA-34F8A3657800}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{FDF20519-566B-4B76-94DD-CD54A0103DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{FF27AAC6-F5FC-4562-AB45-03885C86D0F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
    "{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}" = ATI Catalyst Install Manager
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5CB648C9-78CC-D03E-65E4-B4AF6127CEFC}" = ccc-utility64
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7BF570D4-D060-165D-64AA-4C96DBC08671}" = AMD Media Foundation Decoders
    "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C5D9F032-E965-426E-93B7-E0CF273036A3}" = AuthenTec TrueSuite
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PDF-XChange 3_is1" = PDF-XChange 3
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{06676957-7563-8D90-1212-6B58F8B724D9}" = CCC Help Spanish
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{223767A9-2A17-8F5D-A08A-BE720E51C2D6}" = CCC Help Norwegian
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FFD2FF0-8D1F-7CF0-B389-C2FE3B0BD745}" = CCC Help Czech
    "{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{489D3997-0A51-54BD-591E-AD6A15EB8190}" = CCC Help English
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{52018CB0-FD4F-C746-C950-1F40B00BC0C5}" = CCC Help Greek
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{547F3077-EBD6-9D0A-4C9C-A729E5AD6A76}" = CCC Help Korean
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{59312BC4-CA09-88A4-3CA2-A96FF21B4604}" = CCC Help Chinese Standard
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{6007FDAD-CBF0-4B15-6235-93F358273066}" = CCC Help Hungarian
    "{60E333E5-93AF-E75A-3A22-A10B0DD351BE}" = CCC Help German
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{662E4107-92BC-228F-3BEE-6140BDF17BD7}" = Catalyst Control Center InstallProxy
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7C9B54C7-7777-41E4-8508-E78A6CE3BCE5}" = Catalyst Control Center - Branding
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
    "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
    "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{862AE653-4E32-087E-BA55-C11B853D4DF6}" = CCC Help Thai
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF4B62E-2ED0-0950-FA54-A46D59A93636}" = Catalyst Control Center Localization All
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{930A4D1B-AA42-D8DC-08F1-27CB7F6F6A13}" = CCC Help Danish
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{94650E3B-CCD1-AE32-46A1-3890787B3488}" = CCC Help Polish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{ADFAD16F-D86E-D4E2-3E0A-A94F54544DE9}" = Catalyst Control Center Profiles Mobile
    "{AFE462CB-8D7D-1E68-1D3A-071E485CAF58}" = PX Profile Update
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B1482DE6-FF00-2968-0155-57A643DCA7CB}" = CCC Help Portuguese
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
    "{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}" =
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    "{C4040489-0C6A-6361-3270-CE574016BE0F}" = CCC Help Chinese Traditional
    "{C4BD6ECC-FF0E-5AAC-8CB3-EA92B20D77A3}" = CCC Help Japanese
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
    "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
    "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D2F6976A-1935-F625-ACB4-CBF5C067C746}" = CCC Help Italian
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{E085406A-685B-481C-9459-7B9049150534}" = Mindjet MindManager 2012
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E8A943BA-C038-B562-92AE-7C5A99C972A0}" = CCC Help French
    "{EA441422-6D6A-6E91-A973-492BB9BFB0D6}" = Catalyst Control Center Graphics Previews Common
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFBEE79D-E49D-9451-459E-F776AC857F99}" = PX Profile Update
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F21A6101-3E12-32AE-AB8D-51F11005B55B}" = CCC Help Swedish
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F63FFE40-4F62-0F8C-5C97-7C66A2D7500A}" = CCC Help Turkish
    "{F69CE215-9CE8-48DB-6943-9003B6AE5142}" = Catalyst Control Center
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
    "{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
    "{F8DD58A9-2A6A-5004-8740-D4E50FBF726C}" = CCC Help Finnish
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FED5269F-EAAA-5D64-AE23-3478C747A1F1}" = CCC Help Russian
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF5B1EEA-8766-4D05-A985-08610A21A739}" = CCC Help Dutch
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CleanUp!" = CleanUp!
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "EPSON SX420W Series Manual" = EPSON SX420W Series Manual
    "EPSON SX420W Series Network Guide" = EPSON SX420W Series Network Guide
    "Google Chrome" = Google Chrome
    "ImTOO DVD Ripper Ultimate 6" = ImTOO DVD Ripper Ultimate 6
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Media Player - Codec Pack" = Media Player Codec Pack 4.2.4
    "Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MWSnap 3" = MWSnap 3
    "PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
    "PremElem90" = Adobe Premiere Elements 9
    "SmartDraw 2012" = SmartDraw 2012
    "splashtop" = Quick Web Access
    "VAIO Help and Support" =
    "VoipBuster_is1" = VoipBuster
    "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [64-Bit]
    "WinLiveSuite" = Windows Live Essentials
    "Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20/11/2012 05:27:54 | Computer Name = Silver | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 20/11/2012 15:19:26 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 20/11/2012 16:25:00 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 20/11/2012 16:56:15 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 20/11/2012 16:57:12 | Computer Name = Silver | Source = System Restore | ID = 8210
    Description =

    Error - 20/11/2012 17:02:31 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 20/11/2012 17:03:56 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 20/11/2012 17:05:43 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 20/11/2012 17:14:05 | Computer Name = Silver | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.
    System
    Error: A system shutdown is in progress. .

    Error - 20/11/2012 17:15:09 | Computer Name = Silver | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    [ System Events ]
    Error - 24/11/2012 16:47:20 | Computer Name = Silver | Source = DCOM | ID = 10010
    Description =

    Error - 24/11/2012 16:47:25 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/11/2012 16:48:23 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/11/2012 16:48:33 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/11/2012 16:49:25 | Computer Name = Silver | Source = DCOM | ID = 10016
    Description =

    Error - 24/11/2012 17:05:38 | Computer Name = Silver | Source = DCOM | ID = 10010
    Description =

    Error - 24/11/2012 17:05:41 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/11/2012 17:06:38 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/11/2012 17:06:49 | Computer Name = Silver | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 24/11/2012 17:07:40 | Computer Name = Silver | Source = DCOM | ID = 10016
    Description =


    < End of report >
  9. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    OTL txt part 1

    OTL logfile created on: 24/11/2012 23:09:56 - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cecilia\Desktop

    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy



    3.92 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 32.90% Memory free

    7.83 Gb Paging File | 5.27 Gb Available in Paging File | 67.28% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 451.33 Gb Total Space | 249.45 Gb Free Space | 55.27% Space Free | Partition Type: NTFS



    Computer Name: SILVER | User Name: Cecilia | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



    ========== Processes (SafeList) ==========



    PRC - [2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

    PRC - [2012/11/24 20:45:29 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    PRC - [2012/10/09 20:06:37 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    PRC - [2012/09/11 17:04:38 | 023,069,600 | ---- | M] (VoipBuster) -- C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe

    PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2011/11/10 12:17:16 | 000,038,248 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe

    PRC - [2011/11/03 16:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

    PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe

    PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe

    PRC - [2011/01/05 06:11:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    PRC - [2011/01/05 06:10:33 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    PRC - [2010/12/23 15:24:52 | 000,206,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

    PRC - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

    PRC - [2010/12/13 02:41:14 | 000,308,040 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

    PRC - [2010/11/17 17:30:12 | 000,673,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

    PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

    PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe





    ========== Modules (No Company Name) ==========



    MOD - [2012/11/23 17:12:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll

    MOD - [2012/11/23 17:12:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll

    MOD - [2012/11/22 22:40:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

    MOD - [2012/11/22 22:40:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

    MOD - [2012/11/22 22:39:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

    MOD - [2012/11/22 22:39:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

    MOD - [2012/11/22 22:39:39 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

    MOD - [2012/11/22 22:39:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

    MOD - [2012/11/22 22:39:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

    MOD - [2012/11/22 22:39:29 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

    MOD - [2011/11/10 12:16:32 | 000,151,376 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll

    MOD - [2011/11/03 16:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl

    MOD - [2011/11/03 16:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl

    MOD - [2011/11/03 16:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll





    ========== Services (SafeList) ==========



    SRV:64bit: - [2012/01/13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

    SRV:64bit: - [2011/12/22 06:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

    SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

    SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)

    SRV:64bit: - [2010/12/13 02:40:44 | 000,290,632 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)

    SRV:64bit: - [2010/12/09 15:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

    SRV:64bit: - [2010/12/06 08:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

    SRV:64bit: - [2010/11/02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

    SRV:64bit: - [2010/11/02 12:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

    SRV:64bit: - [2010/11/02 12:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV:64bit: - [2010/07/29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

    SRV:64bit: - [2009/09/14 04:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

    SRV:64bit: - [2009/09/14 04:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

    SRV - [2012/11/24 20:45:29 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)

    SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

    SRV - [2012/10/30 12:40:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

    SRV - [2012/10/10 19:06:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2011/12/07 06:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

    SRV - [2011/01/05 06:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

    SRV - [2011/01/05 06:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

    SRV - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

    SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

    SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)





    ========== Driver Services (SafeList) ==========



    DRV:64bit: - [2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

    DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

    DRV:64bit: - [2012/05/25 01:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

    DRV:64bit: - [2012/05/25 01:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2012/01/03 02:21:44 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

    DRV:64bit: - [2011/12/22 07:30:24 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

    DRV:64bit: - [2011/12/22 06:12:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

    DRV:64bit: - [2011/08/23 09:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2011/01/30 01:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

    DRV:64bit: - [2011/01/05 06:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

    DRV:64bit: - [2010/12/10 09:57:42 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2010/12/10 08:57:42 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)

    DRV:64bit: - [2010/12/06 20:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

    DRV:64bit: - [2010/11/09 02:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

    DRV:64bit: - [2010/11/03 22:35:22 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

    DRV:64bit: - [2010/11/03 22:35:21 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

    DRV:64bit: - [2010/11/03 22:35:21 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

    DRV:64bit: - [2010/11/03 22:35:21 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

    DRV:64bit: - [2010/11/03 22:34:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

    DRV:64bit: - [2010/11/01 20:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

    DRV:64bit: - [2010/11/01 20:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

    DRV:64bit: - [2010/04/26 20:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

    DRV:64bit: - [2009/11/04 15:59:36 | 000,133,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

    DRV:64bit: - [2009/11/04 15:59:36 | 000,117,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

    DRV:64bit: - [2009/11/04 15:59:36 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)

    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

    DRV:64bit: - [2009/07/14 00:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

    DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

    DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

    DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

    DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

    DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

    DRV:64bit: - [2009/06/10 20:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)

    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)





    ========== Standard Registry (SafeList) ==========





    ========== Internet Explorer ==========



    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}





    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =



    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =



    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes,DefaultScope = {4559CED3-E780-48B7-AE5E-1B80895996BF}

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{4559CED3-E780-48B7-AE5E-1B80895996BF}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7SVEF_enIE459

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...9c6951c95e9&lang=en&ds=AVG&pr=pr&d=2012-11-24 20:45:36&v=13.2.0.4&sap=dsp&q={searchTerms}

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\..\SearchScopes\{B3A3F390-208B-479D-9D0E-0BEC026626E1}: "URL" = http://rover.ebay.com/rover/1//4?satitle={searchTerms}

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



    ========== FireFox ==========



    FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"

    FF - user.js - File not found



    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 12:40:03 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins



    [2012/08/12 15:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions

    [2012/11/24 21:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions

    [2012/10/09 20:11:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\OneClickDownload@OneClickDownload.com

    [2012/08/12 15:29:59 | 000,005,138 | ---- | M] () (No name found) -- C:\Users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\c0qdt302.default\extensions\5027cbc9e6cca@5027cbc9e6d03.info.xpi

    [2012/10/30 12:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/10/30 12:40:00 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com

    [2012/10/30 12:40:01 | 000,000,000 | ---D | M] (TrueSuite WebStore) -- C:\Program Files (x86)\Mozilla Firefox\extensions\webstore@truesuite.com

    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.4

    File not found (No name found) -- C:\USERS\CECILIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0QDT302.DEFAULT\EXTENSIONS\FFXTLBR@INCREDIBAR.COM

    File not found (No name found) -- C:\USERS\CECILIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C0QDT302.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM

    [2012/10/30 12:40:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/06/28 16:38:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

    [2012/08/31 20:49:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/06/28 16:38:51 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

    [2012/06/28 16:38:51 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

    [2012/10/17 13:35:08 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    [2012/06/28 16:38:51 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml



    ========== Chrome ==========



    CHR - homepage: http://www.google.com/

    CHR - homepage: http://www.google.com/



    O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)

    O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

    O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)

    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found

    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found

    O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found

    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
     
  10. LadyhawkeX


    Part 2


    O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

    O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

    O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)

    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found

    O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)

    O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found

    O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found

    O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [VoipBuster] C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe (VoipBuster)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

    O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

    O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

    O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A37695B-FB06-49EA-8D47-825699C92FB7}: DhcpNameServer = 89.19.64.164 89.19.64.36

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D4E75C-BEEE-4126-8BF7-C538965B9200}: DhcpNameServer = 192.168.15.1

    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O18 - Protocol\Handler\gopher - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



    ========== Files/Folders - Created Within 30 Days ==========



    [2012/11/24 20:57:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

    [2012/11/24 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\AVG2013

    [2012/11/24 20:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    [2012/11/24 20:45:35 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    [2012/11/24 20:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

    [2012/11/24 20:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

    [2012/11/24 20:32:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\MFAData

    [2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

    [2012/11/24 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\Avg2013

    [2012/11/24 18:34:20 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe

    [2012/11/24 18:14:08 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2012/11/24 18:03:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2012/11/24 18:03:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2012/11/24 18:03:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2012/11/24 18:03:15 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2012/11/24 18:02:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2012/11/24 17:47:28 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe

    [2012/11/24 16:44:52 | 005,006,466 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe

    [2012/11/22 18:54:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com

    [2012/11/22 17:16:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe

    [2012/11/21 17:45:51 | 000,000,000 | ---D | C] -- C:\FRST

    [2012/11/21 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\MW problem

    [2012/11/21 08:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/11/21 08:57:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/11/20 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Malwarebytes

    [2012/11/20 19:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/11/20 19:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/11/20 18:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

    [2012/11/20 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Media Player Classic

    [2012/11/20 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012

    [2012/11/15 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\Exp Neo

    [2012/11/13 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

    [2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

    [2012/11/13 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Essentials Codec Pack

    [2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack

    [2012/11/13 21:01:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP

    [2012/11/13 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}

    [2012/11/11 13:34:54 | 001,497,768 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

    [2012/11/11 13:34:54 | 000,503,464 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

    [2012/11/11 13:34:54 | 000,274,600 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

    [2012/11/11 13:32:34 | 001,172,648 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

    [2012/11/11 13:32:34 | 000,413,864 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

    [2012/11/11 13:32:34 | 000,241,832 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

    [2012/11/08 13:05:25 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Documents\AGV

    [2012/11/08 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\AppData\Roaming\TuneUp Software

    [2012/11/08 12:01:08 | 004,418,888 | ---- | C] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe

    [2012/10/30 12:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

    [2012/10/30 11:34:04 | 000,000,000 | ---D | C] -- C:\Users\Cecilia\Desktop\Today

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    ========== Files - Modified Within 30 Days ==========



    [2012/11/24 23:06:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/11/24 23:05:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/11/24 21:14:03 | 000,013,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/11/24 21:11:08 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/11/24 21:11:08 | 000,631,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/11/24 21:11:08 | 000,111,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/11/24 21:07:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/11/24 21:07:03 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

    [2012/11/24 21:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/11/24 21:06:29 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys

    [2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe

    [2012/11/24 20:45:41 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

    [2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    [2012/11/24 18:35:24 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Desktop\avg_avct_stb_all_2013_2667_cm10.exe

    [2012/11/24 17:47:29 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Cecilia\Desktop\avg_remover_stf_x64_2013_2706.exe

    [2012/11/24 17:25:53 | 000,000,009 | ---- | M] () -- C:\END

    [2012/11/24 16:48:37 | 015,122,608 | ---- | M] () -- C:\Users\Cecilia\Desktop\AppRemover.exe

    [2012/11/24 16:45:18 | 005,006,466 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\ComboFix.exe

    [2012/11/23 16:34:51 | 000,444,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/11/22 20:33:34 | 000,750,080 | ---- | M] () -- C:\Users\Cecilia\Desktop\RogueKiller.exe

    [2012/11/22 18:54:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Cecilia\Desktop\dds.com

    [2012/11/22 17:17:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Cecilia\Desktop\aswMBR.exe

    [2012/11/21 15:04:45 | 000,172,110 | ---- | M] () -- C:\Users\Cecilia\Desktop\JFN CV-1112 (OverviewMC).pdf

    [2012/11/21 10:41:46 | 000,001,133 | ---- | M] () -- C:\Users\Cecilia\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

    [2012/11/21 08:57:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/11/21 08:51:57 | 000,001,284 | ---- | M] () -- C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk

    [2012/11/20 11:07:46 | 000,000,868 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_20 11_07.rtf

    [2012/11/13 21:03:19 | 000,001,188 | ---- | M] () -- C:\Users\Cecilia\Desktop\Media Player Classic.lnk

    [2012/11/11 20:57:30 | 000,039,904 | ---- | M] () -- C:\Windows\SysWow64\dischandler.exe

    [2012/11/11 17:46:06 | 004,012,544 | ---- | M] () -- C:\Windows\SysNative\ffmpeg.dll

    [2012/11/11 17:45:22 | 000,474,624 | ---- | M] () -- C:\Windows\SysNative\ff_kernelDeint.dll

    [2012/11/11 17:45:12 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll

    [2012/11/11 17:45:08 | 004,376,576 | ---- | M] () -- C:\Windows\SysNative\ffdshow.ax

    [2012/11/11 17:45:04 | 000,156,672 | ---- | M] () -- C:\Windows\SysNative\ff_libmad.dll

    [2012/11/11 17:44:38 | 000,631,296 | ---- | M] () -- C:\Windows\SysNative\TomsMoComp_ff.dll

    [2012/11/11 17:44:12 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\ff_wmv9.dll

    [2012/11/11 17:44:08 | 001,532,928 | ---- | M] () -- C:\Windows\SysNative\ff_samplerate.dll

    [2012/11/11 17:44:08 | 000,223,232 | ---- | M] () -- C:\Windows\SysNative\ff_libdts.dll

    [2012/11/11 17:44:08 | 000,183,296 | ---- | M] () -- C:\Windows\SysNative\ff_unrar.dll

    [2012/11/11 17:44:08 | 000,116,224 | ---- | M] () -- C:\Windows\SysNative\ff_liba52.dll

    [2012/11/11 17:42:32 | 003,915,776 | ---- | M] () -- C:\Windows\SysWow64\ffmpeg.dll

    [2012/11/11 17:41:46 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll

    [2012/11/11 17:41:40 | 003,504,128 | ---- | M] () -- C:\Windows\SysWow64\ffdshow.ax

    [2012/11/11 17:41:14 | 000,271,360 | ---- | M] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

    [2012/11/11 17:40:50 | 000,157,184 | ---- | M] () -- C:\Windows\SysWow64\ff_unrar.dll

    [2012/11/11 17:40:50 | 000,099,840 | ---- | M] () -- C:\Windows\SysWow64\ff_wmv9.dll

    [2012/11/11 17:40:48 | 001,525,760 | ---- | M] () -- C:\Windows\SysWow64\ff_samplerate.dll

    [2012/11/11 17:40:48 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\ff_libdts.dll

    [2012/11/11 17:40:48 | 000,147,456 | ---- | M] () -- C:\Windows\SysWow64\ff_libmad.dll

    [2012/11/11 17:40:48 | 000,114,688 | ---- | M] () -- C:\Windows\SysWow64\ff_liba52.dll

    [2012/11/11 13:34:54 | 001,497,768 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

    [2012/11/11 13:34:54 | 000,503,464 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

    [2012/11/11 13:34:54 | 000,405,200 | ---- | M] () -- C:\Windows\SysNative\swscale-lav-2.dll

    [2012/11/11 13:34:54 | 000,274,600 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

    [2012/11/11 13:34:54 | 000,252,792 | ---- | M] () -- C:\Windows\SysNative\avutil-lav-52.dll

    [2012/11/11 13:34:54 | 000,215,720 | ---- | M] () -- C:\Windows\SysNative\libbluray.dll

    [2012/11/11 13:34:54 | 000,178,472 | ---- | M] () -- C:\Windows\SysNative\avresample-lav-1.dll

    [2012/11/11 13:34:52 | 008,000,584 | ---- | M] () -- C:\Windows\SysNative\avcodec-lav-54.dll

    [2012/11/11 13:34:52 | 001,137,384 | ---- | M] () -- C:\Windows\SysNative\avformat-lav-54.dll

    [2012/11/11 13:34:52 | 000,181,568 | ---- | M] () -- C:\Windows\SysNative\avfilter-lav-3.dll

    [2012/11/11 13:32:34 | 007,870,928 | ---- | M] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

    [2012/11/11 13:32:34 | 001,182,696 | ---- | M] () -- C:\Windows\SysWow64\avformat-lav-54.dll

    [2012/11/11 13:32:34 | 001,172,648 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

    [2012/11/11 13:32:34 | 000,413,864 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

    [2012/11/11 13:32:34 | 000,382,120 | ---- | M] () -- C:\Windows\SysWow64\swscale-lav-2.dll

    [2012/11/11 13:32:34 | 000,241,832 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

    [2012/11/11 13:32:34 | 000,238,528 | ---- | M] () -- C:\Windows\SysWow64\avutil-lav-52.dll

    [2012/11/11 13:32:34 | 000,183,976 | ---- | M] () -- C:\Windows\SysWow64\libbluray.dll

    [2012/11/11 13:32:34 | 000,167,728 | ---- | M] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

    [2012/11/11 13:32:34 | 000,158,096 | ---- | M] () -- C:\Windows\SysWow64\avresample-lav-1.dll

    [2012/11/09 15:46:47 | 000,040,727 | ---- | M] () -- C:\test.xml

    [2012/11/08 12:01:08 | 004,418,888 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe
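A small triage script for OTL entries of the kind shown in the log above, added here as an example; it is not part of the original post and not OTL's own code. It parses the `[date | size | attrs | C/M] (company) -- path` file lines, the O4 Run entries, the O6/O7 policy values and the O20 Winlogon lines, and flags what a helper would look at first: autorun entries whose target reports `File not found` (the two leftover AVG Secure Search entries), UAC policy values that differ from the Windows 7 defaults (`PromptOnSecureDesktop = 0` means elevation prompts are drawn on the normal desktop, where other processes can overlay them), Shell/UserInit values that do not resolve to a Microsoft binary under C:\Windows, and binaries under C:\Windows whose version resource carries no company name. OTL prints the company in parentheses, so an empty pair means the file has no version information; that is normal for codec-pack DLLs such as ffmpeg.dll and is a review item, not proof of infection. The sample lines are a subset copied from the log above; the rule names, the `UAC_EXPECTED` table and the `WINDOWS_DIR` prefix are this example's own assumptions.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example, not part of the forum post and not OTL's own code.
Rule names, UAC_EXPECTED and WINDOWS_DIR are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
[2012/11/24 20:45:30 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/24 20:57:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cecilia\Desktop\OTL.exe
[2012/11/11 20:57:30 | 000,039,904 | ---- | M] () -- C:\Windows\SysWow64\dischandler.exe
[2012/11/11 17:46:06 | 004,012,544 | ---- | M] () -- C:\Windows\SysNative\ffmpeg.dll
"""

# [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O4 / O4:64bit: - <hive>..\Run: [<value name>] <command> (<company> | File not found)
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O6 / O7 policy values: <key>: <name> = <number>
POLICY_RE = re.compile(r"^O[67] - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>\d+)$")
# O20 Winlogon Shell / UserInit: (<registry value>) - <resolved path> (<company>)
WINLOGON_RE = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: (?P<key>Shell|UserInit) - "
    r"\((?P<value>[^)]*)\) - (?P<path>.+) \((?P<company>[^)]*)\)$"
)

WINDOWS_DIR = "c:\\windows\\"  # assumption: OS on C:, OTL prints SysNative/SysWow64 under it
# Assumed Windows 7 defaults; any other value is reported for review.
UAC_EXPECTED = {"EnableLUA": "1", "PromptOnSecureDesktop": "1"}


@dataclass
class Finding:
    rule: str    # one of the rule names defined by this example
    detail: str  # short human-readable description
    line: str    # the OTL line that triggered it


def triage(log_text: str) -> List[Finding]:
    """Scan OTL log text line by line and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            # Run entries whose target no longer exists: leftovers to clean up.
            if line.endswith("File not found"):
                findings.append(Finding("orphaned-autorun", f"{m['name']}: {m['cmd']}", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            expected = UAC_EXPECTED.get(m["name"])
            if expected is not None and m["value"] != expected:
                findings.append(Finding("uac-policy-weakened",
                                        f"{m['name']} = {m['value']} (expected {expected})", line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            # Shell and UserInit must resolve to a Microsoft binary inside C:\Windows.
            in_windows = m["path"].lower().startswith(WINDOWS_DIR)
            if not (in_windows and m["company"] == "Microsoft Corporation"):
                findings.append(Finding("winlogon-hijack",
                                        f"{m['key']} -> {m['path']} ({m['company'] or 'no company'})", line))
            continue
        m = FILE_RE.match(line)
        if m and m["path"].lower().startswith(WINDOWS_DIR) and not m["company"]:
            # No version-resource company on a file in the Windows tree: review, not verdict.
            findings.append(Finding("unversioned-system-binary", m["path"], line))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule name."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

Run it on the sample and it reports the two orphaned AVG Secure Search Run entries, the PromptOnSecureDesktop value, and dischandler.exe and ffmpeg.dll as unversioned files under C:\Windows; the Winlogon lines pass. To use it on a full OTL log, read the file and pass its text to `triage`.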
     
  11. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Part 3

    [2012/11/06 11:01:11 | 000,000,660 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_06 11_01.rtf

    [2012/10/30 17:42:

    O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

    O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

    O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)

    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found

    O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)

    O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found

    O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found

    O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [VoipBuster] C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe (VoipBuster)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

    O7 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

     
     
  12. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Part 4


    [2012/11/11 17:45:22 | 000,474,624 | ---- | M] () -- C:\Windows\SysNative\ff_kernelDeint.dll

    [2012/11/11 17:45:12 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll

    [2012/11/11 17:45:08 | 004,376,576 | ---- | M] () -- C:\Windows\SysNative\ffdshow.ax

    [2012/11/11 17:45:04 | 000,156,672 | ---- | M] () -- C:\Windows\SysNative\ff_libmad.dll

    [2012/11/11 17:44:38 | 000,631,296 | ---- | M] () -- C:\Windows\SysNative\TomsMoComp_ff.dll

    [2012/11/11 17:44:12 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\ff_wmv9.dll

    [2012/11/11 17:44:08 | 001,532,928 | ---- | M] () -- C:\Windows\SysNative\ff_samplerate.dll

    [2012/11/11 17:44:08 | 000,223,232 | ---- | M] () -- C:\Windows\SysNative\ff_libdts.dll

    [2012/11/11 17:44:08 | 000,183,296 | ---- | M] () -- C:\Windows\SysNative\ff_unrar.dll

    [2012/11/11 17:44:08 | 000,116,224 | ---- | M] () -- C:\Windows\SysNative\ff_liba52.dll

    [2012/11/11 17:42:32 | 003,915,776 | ---- | M] () -- C:\Windows\SysWow64\ffmpeg.dll

    [2012/11/11 17:41:46 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll

    [2012/11/11 17:41:40 | 003,504,128 | ---- | M] () -- C:\Windows\SysWow64\ffdshow.ax

    [2012/11/11 17:41:14 | 000,271,360 | ---- | M] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

    [2012/11/11 17:40:50 | 000,157,184 | ---- | M] () -- C:\Windows\SysWow64\ff_unrar.dll

    [2012/11/11 17:40:50 | 000,099,840 | ---- | M] () -- C:\Windows\SysWow64\ff_wmv9.dll

    [2012/11/11 17:40:48 | 001,525,760 | ---- | M] () -- C:\Windows\SysWow64\ff_samplerate.dll

    [2012/11/11 17:40:48 | 000,211,968 | ---- | M] () -- C:\Windows\SysWow64\ff_libdts.dll

    [2012/11/11 17:40:48 | 000,147,456 | ---- | M] () -- C:\Windows\SysWow64\ff_libmad.dll

    [2012/11/11 17:40:48 | 000,114,688 | ---- | M] () -- C:\Windows\SysWow64\ff_liba52.dll

    [2012/11/11 13:34:54 | 001,497,768 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVVideo.ax

    [2012/11/11 13:34:54 | 000,503,464 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVSplitter.ax

    [2012/11/11 13:34:54 | 000,405,200 | ---- | M] () -- C:\Windows\SysNative\swscale-lav-2.dll

    [2012/11/11 13:34:54 | 000,274,600 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysNative\LAVAudio.ax

    [2012/11/11 13:34:54 | 000,252,792 | ---- | M] () -- C:\Windows\SysNative\avutil-lav-52.dll

    [2012/11/11 13:34:54 | 000,215,720 | ---- | M] () -- C:\Windows\SysNative\libbluray.dll

    [2012/11/11 13:34:54 | 000,178,472 | ---- | M] () -- C:\Windows\SysNative\avresample-lav-1.dll

    [2012/11/11 13:34:52 | 008,000,584 | ---- | M] () -- C:\Windows\SysNative\avcodec-lav-54.dll

    [2012/11/11 13:34:52 | 001,137,384 | ---- | M] () -- C:\Windows\SysNative\avformat-lav-54.dll

    [2012/11/11 13:34:52 | 000,181,568 | ---- | M] () -- C:\Windows\SysNative\avfilter-lav-3.dll

    [2012/11/11 13:32:34 | 007,870,928 | ---- | M] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

    [2012/11/11 13:32:34 | 001,182,696 | ---- | M] () -- C:\Windows\SysWow64\avformat-lav-54.dll

    [2012/11/11 13:32:34 | 001,172,648 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVVideo.ax

    [2012/11/11 13:32:34 | 000,413,864 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVSplitter.ax

    [2012/11/11 13:32:34 | 000,382,120 | ---- | M] () -- C:\Windows\SysWow64\swscale-lav-2.dll

    [2012/11/11 13:32:34 | 000,241,832 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\Windows\SysWow64\LAVAudio.ax

    [2012/11/11 13:32:34 | 000,238,528 | ---- | M] () -- C:\Windows\SysWow64\avutil-lav-52.dll

    [2012/11/11 13:32:34 | 000,183,976 | ---- | M] () -- C:\Windows\SysWow64\libbluray.dll

    [2012/11/11 13:32:34 | 000,167,728 | ---- | M] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

    [2012/11/11 13:32:34 | 000,158,096 | ---- | M] () -- C:\Windows\SysWow64\avresample-lav-1.dll

    [2012/11/09 15:46:47 | 000,040,727 | ---- | M] () -- C:\test.xml

    [2012/11/08 12:01:08 | 004,418,888 | ---- | M] (AVG Technologies) -- C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe

    22 | 000,000,451 | ---- | M] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_10_30 17_42.rtf

    [2012/10/30 16:49:42 | 002,651,533 | ---- | M] () -- C:\Users\Cecilia\Desktop\IEEE_WIE_Magazine_Winter_07-08.pdf

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



    ========== Files Created - No Company Name ==========



    [2012/11/24 20:45:41 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

    [2012/11/24 18:03:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2012/11/24 18:03:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2012/11/24 18:03:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2012/11/24 18:03:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2012/11/24 18:03:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2012/11/24 16:55:07 | 000,000,009 | ---- | C] () -- C:\END

    [2012/11/24 16:48:14 | 015,122,608 | ---- | C] () -- C:\Users\Cecilia\Desktop\AppRemover.exe

    [2012/11/22 22:42:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

    [2012/11/22 20:33:34 | 000,750,080 | ---- | C] () -- C:\Users\Cecilia\Desktop\RogueKiller.exe

    [2012/11/21 15:04:25 | 000,172,110 | ---- | C] () -- C:\Users\Cecilia\Desktop\JFN CV-1112 (OverviewMC).pdf

    [2012/11/21 08:57:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/11/21 08:51:57 | 000,001,284 | ---- | C] () -- C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk

    [2012/11/20 21:39:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

    [2012/11/20 11:07:46 | 000,000,868 | ---- | C] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_20 11_07.rtf

    [2012/11/13 21:03:19 | 000,001,188 | ---- | C] () -- C:\Users\Cecilia\Desktop\Media Player Classic.lnk

    [2012/11/11 20:57:30 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe

    [2012/11/11 17:46:06 | 004,012,544 | ---- | C] () -- C:\Windows\SysNative\ffmpeg.dll

    [2012/11/11 17:45:22 | 000,474,624 | ---- | C] () -- C:\Windows\SysNative\ff_kernelDeint.dll

    [2012/11/11 17:45:12 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll

    [2012/11/11 17:45:08 | 004,376,576 | ---- | C] () -- C:\Windows\SysNative\ffdshow.ax

    [2012/11/11 17:45:04 | 000,156,672 | ---- | C] () -- C:\Windows\SysNative\ff_libmad.dll

    [2012/11/11 17:44:38 | 000,631,296 | ---- | C] () -- C:\Windows\SysNative\TomsMoComp_ff.dll

    [2012/11/11 17:44:12 | 000,114,688 | ---- | C] () -- C:\Windows\SysNative\ff_wmv9.dll

    [2012/11/11 17:44:08 | 001,532,928 | ---- | C] () -- C:\Windows\SysNative\ff_samplerate.dll

    [2012/11/11 17:44:08 | 000,223,232 | ---- | C] () -- C:\Windows\SysNative\ff_libdts.dll

    [2012/11/11 17:44:08 | 000,183,296 | ---- | C] () -- C:\Windows\SysNative\ff_unrar.dll

    [2012/11/11 17:44:08 | 000,116,224 | ---- | C] () -- C:\Windows\SysNative\ff_liba52.dll

    [2012/11/11 17:42:32 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll

    [2012/11/11 17:41:46 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

    [2012/11/11 17:41:40 | 003,504,128 | ---- | C] () -- C:\Windows\SysWow64\ffdshow.ax

    [2012/11/11 17:41:14 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

    [2012/11/11 17:40:50 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

    [2012/11/11 17:40:50 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

    [2012/11/11 17:40:48 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

    [2012/11/11 17:40:48 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

    [2012/11/11 17:40:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

    [2012/11/11 17:40:48 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

    [2012/11/11 13:34:54 | 000,405,200 | ---- | C] () -- C:\Windows\SysNative\swscale-lav-2.dll

    [2012/11/11 13:34:54 | 000,252,792 | ---- | C] () -- C:\Windows\SysNative\avutil-lav-52.dll

    [2012/11/11 13:34:54 | 000,215,720 | ---- | C] () -- C:\Windows\SysNative\libbluray.dll

    [2012/11/11 13:34:54 | 000,178,472 | ---- | C] () -- C:\Windows\SysNative\avresample-lav-1.dll

    [2012/11/11 13:34:52 | 008,000,584 | ---- | C] () -- C:\Windows\SysNative\avcodec-lav-54.dll

    [2012/11/11 13:34:52 | 001,137,384 | ---- | C] () -- C:\Windows\SysNative\avformat-lav-54.dll

    [2012/11/11 13:34:52 | 000,181,568 | ---- | C] () -- C:\Windows\SysNative\avfilter-lav-3.dll

    [2012/11/11 13:32:34 | 007,870,928 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll

    [2012/11/11 13:32:34 | 001,182,696 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll

    [2012/11/11 13:32:34 | 000,382,120 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll

    [2012/11/11 13:32:34 | 000,238,528 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll

    [2012/11/11 13:32:34 | 000,183,976 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll

    [2012/11/11 13:32:34 | 000,167,728 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll

    [2012/11/11 13:32:34 | 000,158,096 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll

    [2012/11/06 11:01:11 | 000,000,660 | ---- | C] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_11_06 11_01.rtf

    [2012/10/30 17:42:22 | 000,000,451 | ---- | C] () -- C:\Users\Cecilia\Documents\ChatLog Various FAST and TIP meetings _DO NOT DELETE THIS MEETING_ 2012_10_30 17_42.rtf

    [2012/10/30 16:49:42 | 002,651,533 | ---- | C] () -- C:\Users\Cecilia\Desktop\IEEE_WIE_Magazine_Winter_07-08.pdf

    [2012/10/17 18:12:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

    [2012/09/29 22:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini

    [2012/08/31 12:05:16 | 000,027,520 | ---- | C] () -- C:\Users\Cecilia\AppData\Local\dt.dat

    [2012/07/10 08:16:35 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

    [2012/07/10 08:16:35 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

    [2012/05/08 10:52:54 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

    [2012/05/08 10:52:54 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

    [2012/04/30 08:54:03 | 000,000,060 | ---- | C] () -- C:\Windows\Sirius12Astrology.ini

    [2011/12/15 19:32:28 | 000,004,096 | -H-- | C] () -- C:\Users\Cecilia\AppData\Local\keyfile3.drm

    [2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll

    [2011/12/01 17:37:58 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2011/12/01 15:23:56 | 000,000,060 | ---- | C] () -- C:\Windows\Sirius11Astrology.ini

    [2011/12/01 15:10:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

    [2011/11/26 16:07:24 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    [2011/09/08 14:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

    [2011/09/08 14:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

    [2011/09/08 14:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

    [2011/09/08 14:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

    [2011/09/08 14:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

    [2011/09/08 14:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

    [2011/09/08 14:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

    [2011/09/08 14:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

    [2011/09/08 13:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

    [2011/09/08 13:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

    [2011/08/26 15:05:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

    [2011/06/24 03:58:32 | 000,242,259 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

    [2011/06/24 03:58:04 | 000,877,296 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

    [2011/03/30 05:21:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2011/03/30 05:15:41 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

    [2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

    [2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

    [2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

    [2011/02/11 10:26:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

    [2011/01/14 08:20:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin



    ========== ZeroAccess Check ==========



    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini



    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64



    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]



    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64



    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]



    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment



    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment



    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free



    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free



    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both



    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]



    ========== LOP Check ==========



    [2012/07/30 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\AVG

    [2012/11/24 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\AVG2013

    [2012/11/20 21:26:43 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\BitTorrent

    [2012/10/17 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\EPSON

    [2011/12/01 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\ImTOO

    [2012/04/12 10:59:56 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\SmartDraw

    [2012/11/08 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\TuneUp Software

    [2012/07/02 16:56:32 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Vodafone

    [2012/11/22 17:37:33 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\VoipBuster

    [2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner

    [2012/11/08 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

    [2012/11/08 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software



    ========== Purity Check ==========







    ========== Alternate Data Streams ==========



    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:0B4227B4

    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4



    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found
      O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
      O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found
      O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
      O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found
      O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      [2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner
      @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  14. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Well that's me done for the night... sorry about chopping it up but it seemed to be the only way it would post... have a good one

    Ciao ;)
     
  15. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Hi Broni... just started this last bit you sent for the OTL fixes, but from looking at the log I don't think it ran... it was very quick and rebooted, and there are all these error messages in the log... so I will wait to do the next steps in your instructions (Security Check, FARBAR & TFC) until you have a chance to look at this log.

    All processes killed
    Error: Unable to interpret <• :OTL> in the current context!
    Error: Unable to interpret <• O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.> in the current context!
    Error: Unable to interpret <• O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.> in the current context!
    Error: Unable to interpret <• O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found> in the current context!
    Error: Unable to interpret <• O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found> in the current context!
    Error: Unable to interpret <• O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll File not found> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
    Error: Unable to interpret <• O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found> in the current context!
    Error: Unable to interpret <• O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found> in the current context!
    Error: Unable to interpret <• O4 - HKU\S-1-5-21-2489319110-3914873036-576177692-1001..\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Users\Cecilia\AppData\Local\Temp\E_S7483.tmp" /EF "HKCU" File not found> in the current context!
    Error: Unable to interpret <• O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found> in the current context!
    Error: Unable to interpret <• O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found> in the current context!
    Error: Unable to interpret <• [2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
    Error: Unable to interpret <• @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :Commands> in the current context!
    Error: Unable to interpret <• [purity]> in the current context!
    Error: Unable to interpret <• [emptytemp]> in the current context!
    Error: Unable to interpret <• [emptyjava]> in the current context!
    Error: Unable to interpret <• [emptyflash]> in the current context!
    Error: Unable to interpret <• [Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 11262012_173156
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  16. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Hi Broni... well, I didn't hear back from you so I ran this OTL again. I removed the dots in front of your lines of code and it seems to have run better this time... I am assuming this since there are no error comments in the log below.

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2489319110-3914873036-576177692-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON14FFC7 (Epson Stylus SX420W) deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ not found.
    C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner\backup folder moved successfully.
    C:\Users\Cecilia\AppData\Roaming\Wise Registry Cleaner folder moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
    File rity] not found.
    File ptytemp] not found.
    File ptyjava] not found.
    File ptyflash] not found.
    File boot] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 11262012_220643
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
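    The two OTL runs above show a copy-paste failure worth checking for before pressing Run Fix: in the first run every line arrived with the forum's list bullet in front of it, so OTL rejected each one with "Unable to interpret <• ...> in the current context!"; the second run went through once the bullets were removed by hand. The Python linter below is an added example for this thread, not part of OTL and not code from any of the posters. It treats only the two section headers (:OTL, :Commands) and the five commands that appear in Broni's fix as known, which is an assumption (OTL accepts more, and those are reported as unknown rather than passed silently); the accepted entry shapes are taken from OTL's own scan-log lines, and the sample script is a shortened, constructed copy of the fix posted above with the bullets still attached.

```python
"""Lint an OTL fix script before it is pasted into the Custom Scans/Fixes box.

Added example for this thread (not part of OTL or of the original posts).
It catches the failure seen above: every line arrived with the forum's list
bullet in front of it, so OTL rejected each one with
"Unable to interpret <• ...> in the current context!".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: only the section headers and :Commands keywords that appear in
# this thread are treated as known. OTL accepts more; those are reported as
# "unknown" so a reviewer looks at them instead of the tool silently passing them.
KNOWN_SECTIONS = {":OTL", ":Commands"}
KNOWN_COMMANDS = {"[purity]", "[emptytemp]", "[emptyjava]", "[emptyflash]", "[reboot]"}

# Characters a forum page or word processor prepends when it renders a list.
BULLETS = "•·●▪◦-*"

# Entry shapes OTL accepts inside :OTL, taken from its own scan-log format.
OTL_ENTRY = re.compile(
    r"^(?:O\d+(?::64bit:)? - "                        # O2 - BHO: ...  /  O2:64bit: - BHO: ...
    r"|\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| "      # [2011/12/22 19:17:13 | ...
    r"|@Alternate Data Stream - \d+ bytes -> )"       # @Alternate Data Stream - 193 bytes -> ...
)


@dataclass
class Finding:
    line_no: int
    message: str


def lint_fix_script(script: str) -> list[Finding]:
    """Return one Finding per problem; an empty list means the script is clean."""
    findings: list[Finding] = []
    section = None
    for line_no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line[0] in BULLETS:
            findings.append(Finding(line_no, f"stray list bullet {line[0]!r}: OTL will refuse this line"))
            line = line.lstrip(BULLETS).strip()   # keep checking what is behind the bullet
            if not line:
                continue
        if line.startswith(":"):
            section = line
            if line not in KNOWN_SECTIONS:
                findings.append(Finding(line_no, f"unknown section header {line}"))
            continue
        if section is None:
            findings.append(Finding(line_no, "entry before any section header"))
        elif section == ":Commands":
            if line.lower() not in KNOWN_COMMANDS:
                findings.append(Finding(line_no, f"unknown command {line}"))
        elif section == ":OTL" and not OTL_ENTRY.match(line):
            findings.append(Finding(line_no, "does not look like an OTL scan-log entry"))
    return findings


def strip_bullets(script: str) -> str:
    """Remove leading list bullets from every line, as the poster did by hand."""
    cleaned = (raw.strip().lstrip(BULLETS).strip() for raw in script.splitlines())
    return "\n".join(cleaned) + "\n"


# Constructed sample: a shortened copy of the fix posted above, as it arrives
# when the forum's bullets are copied together with the text.
BULLETED_SCRIPT = """\
• :OTL
• O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
• O3 - HKLM\\..\\Toolbar: (no name) - 10 - No CLSID value found.
• [2011/12/22 19:17:13 | 000,000,000 | ---D | M] -- C:\\Users\\Cecilia\\AppData\\Roaming\\Wise Registry Cleaner
• @Alternate Data Stream - 193 bytes -> C:\\ProgramData\\TEMP:0B4227B4
•
• :Commands
• [purity]
• [emptytemp]
• [Reboot]
"""

if __name__ == "__main__":
    for finding in lint_fix_script(BULLETED_SCRIPT):
        print(f"line {finding.line_no}: {finding.message}")
    print("after strip_bullets:", lint_fix_script(strip_bullets(BULLETED_SCRIPT)) or "clean")
```

    Run it on the script text before pasting into OTL: every line of the bulleted sample is flagged, and the same script after strip_bullets() lints clean, which is the state the second OTL run above was in. Leading bullets are the check that matters most here, but the section and command checks also catch a misplaced or misspelled command, which OTL would otherwise try to treat as a file path.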
     
  17. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    FSS log


    Farbar Service Scanner Version: 09-11-2012
    Ran by Cecilia (administrator) on 26-11-2012 at 22:28:31
    Running from "C:\Users\Cecilia\Desktop"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-11-22 18:43] - [2012-10-03 17:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
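    As an added example (not part of this thread, nor code from FSS or OTL), the PowerShell below re-checks on a live host the three policy findings the FSS log above reports: the StandardProfile EnableFirewall=0 policy, the WinDefend service left at Demand (Manual) start instead of Auto, and the Windows Defender DisableAntiSpyware=1 value. Because FSS printed only a hash for tcpip.sys with no "MD5 is legit" verdict, the script also verifies that driver's Authenticode signature rather than trusting a static hash list; the registry paths are the ones shown in the log, and the function name Test-HostSecurityPolicy is my own.

```powershell
# Added example: re-check the FSS findings on a live Windows host.
# Run from an elevated PowerShell prompt. Function name is my own (not an FSS/OTL API).
function Test-HostSecurityPolicy {
    $findings = @()

    # 1. Firewall policy: FSS flagged "EnableFirewall"=DWORD:0 under StandardProfile.
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $fw = Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($fw -and $fw.EnableFirewall -eq 0) {
        $findings += "Windows Firewall disabled by policy: $fwKey EnableFirewall=0"
    }

    # 2. WinDefend service: FSS reported start type Demand where the default is Auto.
    #    Win32_Service reports Demand as StartMode 'Manual'.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
    if ($null -eq $svc) {
        $findings += 'WinDefend service not present'
    } elseif ($svc.StartMode -ne 'Auto' -or $svc.State -ne 'Running') {
        $findings += "WinDefend StartMode=$($svc.StartMode) State=$($svc.State) (expected Auto/Running)"
    }

    # 3. Defender policy: FSS flagged "DisableAntiSpyware"=DWORD:1.
    $defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $def = Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($def -and $def.DisableAntiSpyware -eq 1) {
        $findings += "Windows Defender disabled by policy: $defKey DisableAntiSpyware=1"
    }

    # 4. tcpip.sys: FSS printed only an MD5 with no "MD5 is legit" verdict (its hash list
    #    lags behind Windows updates), so check the Authenticode signature instead.
    #    System drivers are catalog-signed; Get-AuthenticodeSignature resolves catalog
    #    signatures only on newer Windows/PowerShell builds, so 'NotSigned' on an older
    #    host is inconclusive (use sfc /verifyonly there), not a finding.
    $drv = Join-Path $env:SystemRoot 'System32\drivers\tcpip.sys'
    $sig = Get-AuthenticodeSignature -FilePath $drv
    if ($sig.Status -eq 'NotSigned') {
        $findings += "tcpip.sys: signature check inconclusive on this build; run sfc /verifyonly"
    } elseif ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "tcpip.sys signature $($sig.Status): $($sig.SignerCertificate.Subject)"
    }

    return $findings
}

$result = @(Test-HostSecurityPolicy)
if ($result.Count -eq 0) { 'No findings' } else { $result }
```

    A populated list is not itself proof of infection (an administrator or a third-party antivirus may legitimately set these values), but each entry is a setting that should be explained before the host is called clean.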
     
  18. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    I still need Security Check and Eset logs.
     
  19. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Just finished the Eset here is the log and I thought I already sent the Security Check log... not seeing it on my desktop should I run it again?

    C:\Users\Cecilia\Desktop\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Users\Cecilia\Downloads\cnet2_WRCFree_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
     
  20. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Sorry I think I missed the Security Check step... I got interrupted a couple of times while I was doing this so I just ran it... hope that running it out of sequence was ok... here is the log

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG Anti-Virus 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    AVG PC Tuneup
    Wise Registry Cleaner 6.14
    Java(TM) 6 Update 22
    Java version out of Date!
    Adobe Flash Player 11.4.402.287 Flash Player out of Date!
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox 16.0.2 Firefox out of Date!
    Google Chrome 5.0.375.127
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  21. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ==============================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  22. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Hi Broni, ok I was able to update the Java and the Adobe Reader.. but I can't download the Flash Player with either link.. Should I just go directly to the Adobe page and load it from there?
     
  23. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    I am not sure I was really successful on these updates but here is the OTL log..Java is a mystery to me... programming and code is out of my league... I have dyslexia..so I miss stuff and it's why my spelling is atrocious... I would be lost without spell check...

    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Cecilia
    ->Temp folder emptied: 754464 bytes
    ->Temporary Internet Files folder emptied: 8877575 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 33243769 bytes
    ->Google Chrome cache emptied: 5301261 bytes
    ->Flash cache emptied: 506 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10571711 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 56.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Cecilia
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Cecilia
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11272012_180134

    Files\Folders moved on Reboot...
    C:\Users\Cecilia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Cecilia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4BAC2B54-EA6A-4058-8C3D-31817976E7AD}.tmp not found!
    File\Folder C:\Users\Cecilia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F72A3162-E09E-4C86-AD58-1944C9DEF0AB}.tmp not found!
    File\Folder C:\Users\Cecilia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F93D8626-248B-4942-B85A-BC280AECFF47}.tmp not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  24. Broni

    Broni Malware Annihilator Posts: 47,704   +268

  25. LadyhawkeX

    LadyhawkeX TS Rookie Topic Starter Posts: 60

    Hi Broni... I am not having any success with installing this... I tried to install it but it would not install.. I think that was because there was another version... so I uninstalled it using the control panel command. I uninstalled the flashplayer and the plugin app...maybe this was not correct... still did not work... so then I downloaded the Adobe uninstall program and ran it... said it was successful... then I tried again to install the flash player... I closed all applications and browsers that use it... it still would not install... it got half way through and I got an error message... which I need to rerun now to remember what it was... ok I need to close everything... error message in the next post....sorry:oops:
     