Stu1407

Members
  • Content Count

    21

About Stu1407

  • Rank
    Member

Previous Fields

  • System Specifications:
    Toshiba L450D,
  1. Thanks for all your help JonTom.
  2. It's running fine, thanks JonTom. AVG is still not detecting any threats since it upgraded yesterday.
  4. C:_OTLMovedFiles04192012_182140c_usersParentAppDataLocalMSMSIMEIMEPad.dll.del a variant of Win32/Sefnit.AR trojan
  6. All processes killed Error: Unable to interpret <:OTL PRC - C:WINDOWSexplorer.exe (Microsoft Corporation) IE - HKLM..SearchScopes{923ec3bd-61a9-4d9e-bfb6-37e3857c40ae}: "URL" = http://search.mywebs...or={searchTerms} IE - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...&q={searchTerms} IE - HKCU..URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKCU..SearchScopes{923ec3bd-61a9-4d9e-bfb6-37e3857c40ae}: "URL" = http://search.mywebs...or={searchTerms} FF - user.js - File not found O3 - HKCU..ToolbarWebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) [1 C:Windows*.tmp files -> C:Windows*.tmp -> ] > in the current context! Error: Unable to interpret < @Alternate Data Stream - 136 bytes -> C:ProgramDataTEMP:0B4227B4 @Alternate Data Stream - 123 bytes -> C:ProgramDataTEMP:8CE646EE :Reg [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-] "zpka6oPoqDdX"=- :Files c:usersParentAppDataLocalMSMSIMEIMEPad.dll.del c:usersParentAppDataLocalIO2trLCkr3 C:UsersParentAppDataLocal{6644FC2A-8A72-4E81-9B5C-4FEF127CA0B8} C:UsersParentAppDataLocal{ADE635C2-121D-42E3-A02E-AF4255FB28C8} :Commands [purity] [emptytemp] [emptyflash] [start explorer] [Reboot]> in the current context! OTL by OldTimer - Version 3.2.40.0 log created on 04192012_133859 FilesFolders moved on Reboot... Registry entries deleted on Reboot... 
_________________________________________________________________________________________________________________---
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.19.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Parent :: TOSH [administrator]
Protection: Disabled
19/04/2012 13:52:45
mbam-log-2012-04-19 (13-52-45).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333493
Time elapsed: 1 hour(s), 51 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
  7. https://www.virustotal.com/file/4d3edd52d7a88a749d03c20251aa75a15e87d1fcaff26bdffa613a09193b53fe/analysis/1334821762/
     SystemLook 30.07.11 by jpshortstuff
     Log created at 08:55 on 19/04/2012 by Parent
     Administrator - Elevation successful
     ========== dir ==========
     C:\Users\Parent\AppData\Local\{6644FC2A-8A72-4E81-9B5C-4FEF127CA0B8} - Parameters: "/sub"
     ---Files---
     None found.
     No folders found.
     C:\Users\Parent\AppData\Local\{ADE635C2-121D-42E3-A02E-AF4255FB28C8} - Parameters: "/sub"
     ---Files---
     None found.
     No folders found.
     -= EOF =-
     N.B. AVG updated itself last night to a new version. This morning's scan did not find any infections, rootkits, mal or spyware apart from a few tracking cookies.
  8. OTL. txt OTL logfile created on: 4/18/2012 5:20:30 PM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:UsersParentDesktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.33% Memory free 5.50 Gb Paging File | 4.40 Gb Available in Paging File | 79.98% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files Drive C: | 148.67 Gb Total Space | 96.20 Gb Free Space | 64.71% Space Free | Partition Type: NTFS Drive G: | 111.79 Gb Total Space | 92.73 Gb Free Space | 82.95% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Parent | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/18 17:18:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:UsersParentDesktopOTL.exe PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgnsx.exe PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgtray.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgwdsvc.exe PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgrsx.exe PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgidsagent.exe PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:Program FilesAVGAVG2012avgcsrvx.exe PRC - [2011/07/08 12:19:38 | 000,743,232 | ---- | M] (TuneUp Software) -- C:Program FilesTuneUp Utilities 2010TuneUpUtilitiesApp32.exe PRC - [2011/07/08 12:17:54 | 001,052,480 | ---- | M] (TuneUp Software) -- C:Program FilesTuneUp Utilities 2010TuneUpUtilitiesService32.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:Windowsexplorer.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:WindowsSystem32taskhost.exe PRC - [2010/08/04 02:51:36 | 000,380,928 | ---- | M] (AMD) -- C:WindowsSystem32atieclxx.exe PRC - [2010/08/04 02:51:10 | 000,176,128 | ---- | M] (AMD) -- C:WindowsSystem32atiesrxx.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:Program FilesTOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:Program FilesSpybot - Search & DestroyTeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:Program FilesSpybot - Search & DestroySDWinSec.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:Program FilesSpybot -- (SBSDWSCService) SRV - [2012/04/16 08:36:07 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WindowsSystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG2012avgwdsvc.exe -- (avgwd) SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:Program FilesAVGAVG2012avgidsagent.exe -- (AVGIDSAgent) SRV - [2011/11/17 20:21:17 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:Program FilesTuneUp Utilities 2010TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011/07/08 12:17:54 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:Program FilesTuneUp Utilities 2010TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/07/08 12:14:56 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:WindowsSystem32uxtuneup.dll -- (UxTuneUp) SRV - [2010/08/04 02:51:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:WindowsSystem32atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/06/08 16:40:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSystem32WatWatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon) SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSystem32StorSvc.dll -- (StorSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSystem32sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSystem32PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend) SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:Program FilesPC Connectivity SolutionServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSRtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSRts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- system32driversRtHDMIV.sys -- (RTHDMIAzAudService) DRV - File not found [Kernel | On_Demand | Stopped] -- System32DriversRtsUStor.sys -- (RSUSBSTOR) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSewusbfake.sys -- (hwusbfake) DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:UsersParentAppDataLocalTempcatchme.sys -- (catchme) DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WindowsSystem32driversavgtdix.sys -- (Avgtdix) DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WindowsSystem32driversavgldx86.sys -- (Avgldx86) DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:WindowsSystem32driversavgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:WindowsSystem32driversavgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversavgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversavgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:WindowsSystem32driversavgidsehx.sys -- (AVGIDSEH) DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversavgidsdriverx.sys -- (AVGIDSDriver) DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSystem32driversvmbus.sys -- (vmbus) DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:WindowsSystem32driversvmstorfl.sys -- (storflt) DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversstorvsc.sys -- (storvsc) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversTsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversVMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversvms3cap.sys -- (s3cap) DRV - [2010/08/04 03:21:42 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversatikmdag.sys -- (atikmdag) DRV - [2010/08/04 03:21:42 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversatikmdag.sys -- (amdkmdag) DRV - [2010/08/04 02:15:28 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:WindowsSystem32driversatikmpag.sys -- (amdkmdap) DRV - [2010/07/05 09:24:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSystem32FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010/05/22 00:36:00 | 001,014,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversrtl8192se.sys -- (rtl8192se) DRV - [2010/04/27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversss_bmdm.sys -- (ss_bmdm) DRV - [2010/04/27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2010/04/27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010/01/19 12:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversmassfilter.sys -- (massfilter) DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:Program FilesTuneUp Utilities 2010TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:WindowsSystem32driverstos_sps32.sys -- (tos_sps32) DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) 
[Kernel | Boot | Running] -- C:WindowsSystem32driversTVALZ_O.SYS -- (TVALZ) DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversAGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversathr.sys -- (athr) DRV - [2009/07/02 15:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:WindowsSystem32driversLPCFilter.sys -- (LPCFilter) DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:WindowsSystem32driversPGEffect.sys -- (PGEffect) DRV - [2009/05/05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:WindowsSystem32driversAtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:WindowsSystem32driversRsFx0103.sys -- (RsFx0103) DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) 
[Kernel | On_Demand | Stopped] -- C:WindowsSystem32driversmcdbus.sys -- (mcdbus) DRV - [2007/10/25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:WindowsSystem32driversStarOpen.sys -- (StarOpen) DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:WindowsSystem32driverspccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM..SearchScopes{923ec3bd-61a9-4d9e-bfb6-37e3857c40ae}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm792YYgb&ptb=FA91028F-746D-4155-BF28-81699C7EBD81&ind=2011030415&ptnrS=ZJxdm792YYgb&si=&n=77dde38f&psa=&st=sb&searchfor={searchTerms} IE - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKLM..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727 IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1 IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.bbc.co.uk/ IE - HKCU..URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU..SearchScopes{3258557B-8C83-4EC1-81B2-FC5E114E5E28}: "URL" = 
http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GUEA_en-GBGB408 IE - HKCU..SearchScopes{923ec3bd-61a9-4d9e-bfb6-37e3857c40ae}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm792YYgb&ptb=FA91028F-746D-4155-BF28-81699C7EBD81&ind=2011030415&ptnrS=ZJxdm792YYgb&si=&n=77dde38f&psa=&st=sb&searchfor={searchTerms} IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll () FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.) FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=14.0.8117.0416: C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@nosltd.com/getPlus+®,version=1.6.2.103: C:Program FilesNOSbinnp_gp.dll File not found FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) 
FF - HKCUSoftwareMozillaPlugins@soe.sony.com/installer,version=1.0.3: C:UsersParentAppDataLocalMicrosoftInternet ExplorerDownloaded Program Filesnpsoe.dll () FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:UsersParentAppDataLocalGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:UsersParentAppDataLocalGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.) FF - HKCUSoftwareMozillaPlugins@unity3d.com/UnityPlayer,version=1.0: C:UsersParentAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:Program FilesArcSoftMedia Converter for PhilipsInternet Video DownloaderPlugin_FireFox [2010/10/21 10:20:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG2012Firefox4 [2012/04/18 14:30:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:Program FilesAVGAVG2012FirefoxDoNotTrack [2012/04/18 14:30:36 | 000,000,000 | ---D | M] [2012/04/17 15:07:13 | 000,000,000 | ---D | M] (No name found) -- C:UsersParentAppDataRoamingmozillaFirefoxextensions [2012/04/17 15:09:06 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:UsersParentAppDataRoamingmozillaFirefoxextensions{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/03/28 21:02:35 | 000,000,000 | ---D | M] (No name found) -- C:UsersParentAppDataRoamingmozillaFirefoxProfilesesmke5ya.defaultextensions [2012/03/26 18:25:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:UsersParentAppDataRoamingmozillaFirefoxProfilesesmke5ya.defaultextensions{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/03/26 18:25:00 | 000,000,000 | ---D | M] (No name found) -- 
C:UsersParentAppDataRoamingmozillaFirefoxProfilesfu91hjyz.defaultextensions [2012/03/26 18:25:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:UsersParentAppDataRoamingmozillaFirefoxProfilesfu91hjyz.defaultextensions{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/12/05 11:19:02 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions [2011/12/03 21:56:09 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/11/14 11:07:27 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} File not found (No name found) -- C:PROGRAM FILESAVGAVG10FIREFOX4 [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:Program Filesmozilla firefoxpluginsnpdeployJava1.dll [2011/08/02 12:37:09 | 000,002,495 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsSearchResults.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:UsersParentAppDataLocalGoogleChromeApplication18.0.1025.162ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:UsersParentAppDataLocalGoogleChromeApplication18.0.1025.162pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:UsersParentAppDataLocalGoogleChromeApplication18.0.1025.162gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = 
C:UsersParentAppDataLocalGoogleChromeUser DataPepperFlash11.1.31.203pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:Windowssystem32MacromedFlashNPSWF32.dll CHR - plugin: AVG Internet Security (Enabled) = C:UsersParentAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1901_0plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll CHR - plugin: Windows Liveu00AE Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:UsersParentAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll CHR - plugin: SOE Web Installer (Enabled) = C:UsersParentAppDataLocalMicrosoftInternet ExplorerDownloaded Program Filesnpsoe.dll CHR - plugin: Shockwave for Director (Enabled) = C:Windowssystem32AdobeDirectornp32dsw.dll CHR - Extension: YouTube = C:UsersParentAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = C:UsersParentAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: AVG Safe Search = C:UsersParentAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1901_0 CHR - Extension: Gmail = C:UsersParentAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/04/16 08:13:05 | 000,000,027 | ---- | M]) - C:WindowsSystem32driversetchosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:Program FilesArcSoftMedia Converter for PhilipsInternet Video 
DownloaderArcURLRecord.dll (ArcSoft, Inc.) O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program FilesAVGAVG2012avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O3 - HKCU..ToolbarWebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O4 - HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..Run: [TWebCamera] C:Program FilesTOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..RunOnce: [AvgUninstallURL] C:WindowsSystem32cmd.exe (Microsoft Corporation) O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveTrack = 1 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveTrack = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: LogonHoursAction = 2 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: AVG Do-Not-Track - 
{DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:Program FilesAVGAVG2012avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{A5A4AFF7-2B11-4A1A-8A1A-6955EC5EA2E7}: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{CCDEB7CE-29E7-4010-A7E4-6D67ACC2C324}: DhcpNameServer = 192.168.1.1 O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSystem32userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:PROGRA~1AVGAVG2012avgrsx.exe /sync /restart) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O35 - HKCU..exefile [open] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:WindowsSystem32ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File 
not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:WindowsSystem32uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/18 17:18:14 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:UsersParentDesktopOTL.exe [2012/04/18 14:31:41 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAVG [2012/04/18 14:29:54 | 000,000,000 | -H-D | C] -- C:$AVG [2012/04/18 13:24:00 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN [2012/04/18 08:32:25 | 000,000,000 | ---D | C] -- C:Windowstemp [2012/04/18 08:19:17 | 000,000,000 | --SD | C] -- C:ComboFix [2012/04/17 09:44:13 | 004,465,601 | R--- | C] (Swearware) -- C:UsersParentDesktopComboFix.exe [2012/04/16 08:55:46 | 000,000,000 | ---D | C] -- C:Program FilesConduit [2012/04/16 08:54:21 | 000,000,000 | ---D | C] -- C:UsersParentAppDataRoaminguTorrent [2012/04/16 07:36:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/04/16 07:36:20 | 000,000,000 | ---D | C] -- C:WindowsERDNT [2012/04/16 07:29:24 | 000,000,000 | ---D | C] -- C:Qoobox [2012/04/15 19:21:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:UsersParentDesktopaswMBR.exe [2012/04/15 17:42:26 | 000,000,000 | ---D | C] -- C:UsersParentAppDataLocal{6644FC2A-8A72-4E81-9B5C-4FEF127CA0B8} [2012/04/14 17:45:30 | 000,607,260 | R--- | C] (Swearware) -- C:UsersParentDesktopdds.scr [2012/04/14 09:39:00 | 000,000,000 | ---D | C] -- C:UsersParentAppDataRoamingSUPERAntiSpyware.com [2012/04/14 09:37:55 | 000,000,000 | ---D | C] -- C:ProgramDataSUPERAntiSpyware.com [2012/04/14 08:47:00 | 000,000,000 | ---D | C] -- C:UsersParentAppDataRoamingMalwarebytes [2012/04/14 08:46:45 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes [2012/04/13 19:14:09 | 000,014,664 | ---- 
| C] (McAfee, Inc.) -- C:Windowsstinger.sys [2012/04/12 08:00:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32mshtml.tlb [2012/04/12 08:00:49 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32jscript9.dll [2012/04/12 08:00:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32jsproxy.dll [2012/04/12 08:00:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32url.dll [2012/04/12 08:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ieui.dll [2012/04/12 08:00:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32inetcpl.cpl [2012/04/12 07:42:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ntkrnlpa.exe [2012/04/12 07:42:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32ntoskrnl.exe [2012/04/03 07:06:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSystem32FlashPlayerApp.exe [2012/03/28 21:16:48 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32win32k.sys [2012/03/28 21:16:23 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32rdpcorekmts.dll [2012/03/28 21:16:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32rdrmemptylst.exe [2012/03/28 21:16:20 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSystem32rdpcore.dll [2012/03/28 20:47:04 | 000,000,000 | ---D | C] -- C:UsersParentAppDataLocal{ADE635C2-121D-42E3-A02E-AF4255FB28C8} [2012/03/26 18:24:57 | 000,000,000 | ---D | C] -- C:UsersParentAppDataRoamingDVDVideoSoftIEHelpers [2012/03/26 18:23:58 | 000,000,000 | ---D | C] -- C:UsersParentAppDataRoamingDVDVideoSoft [2012/03/26 18:23:58 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesDVDVIDEOSOFT [2012/03/25 21:04:21 | 000,000,000 | ---D | C] -- C:UsersParentAppDataLocalCrashDumps [2012/03/24 13:07:59 | 000,000,000 | ---D | C] -- C:ProgramDataReal [2012/03/24 13:07:54 | 000,000,000 | ---D | C] -- 
C:UsersParentAppDataRoamingReal [2012/03/24 13:05:41 | 000,000,000 | ---D | C] -- C:UsersParentDocumentsFreecorder [2012/03/24 13:05:40 | 000,000,000 | ---D | C] -- C:UsersParentAppDataLocalFLVService [2010/07/16 14:33:26 | 000,047,360 | ---- | C] (VSO Software) -- C:UsersParentAppDataRoamingpcouffin.sys [1 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/18 17:20:00 | 000,000,886 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job [2012/04/18 17:18:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:UsersParentDesktopOTL.exe [2012/04/18 17:18:25 | 000,017,504 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/18 17:18:25 | 000,017,504 | -H-- | M] () -- C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/18 17:11:36 | 000,000,882 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job [2012/04/18 17:10:57 | 000,067,584 | ---- | M] () -- C:Windowsbootstat.dat [2012/04/18 17:10:51 | 2213,351,424 | -HS- | M] () -- C:hiberfil.sys [2012/04/18 17:08:03 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/04/18 16:35:21 | 000,000,912 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1821853211-1988021918-3595884693-1000UA.job [2012/04/18 14:59:25 | 000,697,090 | ---- | M] () -- C:WindowsSystem32perfh009.dat [2012/04/18 14:59:25 | 000,136,272 | ---- | M] () -- C:WindowsSystem32perfc009.dat [2012/04/18 14:53:52 | 000,017,407 | ---- | M] () -- C:UsersParentAppDataLocaldt.dat [2012/04/18 14:39:15 | 060,911,087 | ---- | M] () -- C:WindowsSystem32driversAVGincavi.avm [2012/04/17 12:35:00 | 000,000,860 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1821853211-1988021918-3595884693-1000Core.job [2012/04/17 09:44:41 | 004,465,601 | R--- | M] (Swearware) -- C:UsersParentDesktopComboFix.exe [2012/04/16 17:17:25 | 000,338,822 | ---- 
| M] () -- C:WindowsSystem32driversAVGiavichjg.avm [2012/04/16 08:36:07 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSystem32FlashPlayerApp.exe [2012/04/16 08:36:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSystem32FlashPlayerCPLApp.cpl [2012/04/16 08:13:05 | 000,000,027 | ---- | M] () -- C:WindowsSystem32driversetchosts [2012/04/15 19:21:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:UsersParentDesktopaswMBR.exe [2012/04/14 17:45:30 | 000,607,260 | R--- | M] (Swearware) -- C:UsersParentDesktopdds.scr [2012/04/14 09:32:53 | 000,292,170 | ---- | M] () -- C:UsersParentAppDataLocalcensus.cache [2012/04/14 09:32:49 | 000,146,269 | ---- | M] () -- C:UsersParentAppDataLocalars.cache [2012/04/13 19:14:09 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:Windowsstinger.sys [2012/04/13 18:11:05 | 000,000,036 | ---- | M] () -- C:UsersParentAppDataLocalhousecall.guid.cache [2012/04/13 17:40:45 | 000,002,410 | ---- | M] () -- C:UsersParentDesktopGoogle Chrome.lnk [2012/04/09 09:52:31 | 000,185,344 | ---- | M] () -- C:UsersParentDocumentsHAYLEY CD LABEL 3.pub [2012/04/09 09:52:22 | 000,186,880 | ---- | M] () -- C:UsersParentDocumentsHAYLEY CD LABEL 1-2.pub [2012/04/08 11:42:26 | 000,186,880 | ---- | M] () -- C:UsersPublicDocumentsCINDY CD LABEL 1-2.pub [2012/03/28 21:51:47 | 000,518,240 | ---- | M] () -- C:WindowsSystem32FNTCACHE.DAT [1 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/18 14:53:52 | 000,017,407 | ---- | C] () -- C:UsersParentAppDataLocaldt.dat [2012/04/13 18:23:32 | 000,292,170 | ---- | C] () -- C:UsersParentAppDataLocalcensus.cache [2012/04/13 18:23:08 | 000,146,269 | ---- | C] () -- C:UsersParentAppDataLocalars.cache [2012/04/13 18:11:05 | 000,000,036 | ---- | C] () -- C:UsersParentAppDataLocalhousecall.guid.cache [2012/04/08 11:45:26 | 000,185,344 | ---- | C] () -- C:UsersParentDocumentsHAYLEY CD LABEL 3.pub [2012/04/08 11:43:50 | 000,186,880 | ---- | C] 
() -- C:UsersParentDocumentsHAYLEY CD LABEL 1-2.pub [2012/04/03 07:06:46 | 000,000,830 | ---- | C] () -- C:WindowstasksAdobe Flash Player Updater.job [2011/09/07 14:36:21 | 000,000,088 | RHS- | C] () -- C:ProgramData29340860C7.sys [2011/09/07 14:36:19 | 000,002,828 | -HS- | C] () -- C:ProgramDataKGyGaAvL.sys [2011/06/28 19:45:14 | 000,171,008 | ---- | C] () -- C:ProgramDatapublication alexander.pub [2011/05/25 14:44:34 | 000,001,320 | -HS- | C] () -- C:UsersParentAppDataLocal15356tu05oq8gyvi734qjr0nd853831h8hnu8u [2011/05/25 14:44:34 | 000,001,320 | -HS- | C] () -- C:ProgramData15356tu05oq8gyvi734qjr0nd853831h8hnu8u [2011/05/02 08:05:48 | 000,002,560 | ---- | C] () -- C:Windows_MSRSTRT.EXE [2011/03/20 22:29:05 | 000,029,696 | ---- | C] () -- C:UsersParentAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/23 21:12:15 | 000,066,048 | ---- | C] () -- C:WindowsSystem32PrintBrmUi.exe [2011/02/22 14:59:07 | 000,129,024 | ---- | C] () -- C:WindowsSystem32AVERM.dll [2011/02/22 14:59:07 | 000,028,672 | ---- | C] () -- C:WindowsSystem32AVEQT.dll [2010/10/21 07:40:40 | 000,000,032 | R--- | C] () -- C:ProgramDatahash.dat [2010/09/07 15:42:54 | 000,451,072 | ---- | C] () -- C:WindowsSystem32ISSRemoveSP.exe [2010/07/19 13:11:20 | 000,110,592 | ---- | C] () -- C:WindowsSystem32FsUsbExDevice.Dll [2010/07/19 13:11:20 | 000,036,608 | ---- | C] () -- C:WindowsSystem32FsUsbExDisk.Sys [2010/07/16 14:33:26 | 000,007,887 | ---- | C] () -- C:UsersParentAppDataRoamingpcouffin.cat [2010/07/16 14:33:26 | 000,001,144 | ---- | C] () -- C:UsersParentAppDataRoamingpcouffin.inf [2010/07/16 13:34:09 | 000,038,418 | ---- | C] () -- C:UsersParentAppDataRoamingComma Separated Values (Windows).ADR [2010/06/16 14:22:56 | 000,219,348 | ---- | C] () -- C:WindowsSystem32atiicdxx.dat [2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:WindowsSystem32atipblag.dat ========== LOP Check ========== [2012/02/02 19:38:31 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingAlawar Entertainment 
[2011/02/21 12:39:25 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingApowersoft [2012/03/24 13:29:23 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingAudacity [2012/04/18 14:13:56 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingAVG2012 [2010/07/16 21:27:35 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingCanneverbe Limited [2011/07/03 18:18:25 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingDigiarty [2012/03/26 18:27:20 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingDVDVideoSoft [2012/03/26 18:24:58 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingDVDVideoSoftIEHelpers [2011/08/08 13:44:43 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingEPSON [2012/03/19 10:54:18 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingfizzy [2012/02/16 13:40:32 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingFree Audio Editor [2010/12/30 20:43:54 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingGetRightToGo [2010/07/16 11:43:55 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoaminggtk-2.0 [2011/06/18 12:51:52 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingIMSI [2010/07/16 11:12:50 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingIssist [2011/02/24 22:40:42 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingJGoodies [2011/09/25 06:51:34 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingKeynote Systems [2012/03/27 09:39:38 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingMp3 Audio Editor [2010/12/21 16:31:16 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingMusicmatch [2012/03/15 09:49:26 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingMusicNet [2010/01/19 12:37:33 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingOpenOffice.org [2011/09/13 11:35:30 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingOrigin [2010/07/19 13:20:59 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingPC Suite [2011/07/02 09:58:59 | 000,000,000 | ---D | M] -- 
C:UsersParentAppDataRoamingRedDotGames [2011/05/12 10:35:45 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingSamsung [2011/09/14 10:46:42 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingSerif [2011/10/10 10:35:34 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingSports Interactive [2010/06/07 12:10:10 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingTexthelp Systems [2012/03/19 10:54:03 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingThinstall [2011/06/18 13:53:51 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingToshiba [2010/07/16 12:21:52 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingTuneUp Software [2010/07/19 11:59:29 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingUniblue [2012/04/17 21:31:04 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoaminguTorrent [2012/04/14 07:20:29 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingVso [2010/01/29 15:45:52 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingWinBatch [2011/04/06 07:27:33 | 000,000,000 | ---D | M] -- C:UsersParentAppDataRoamingYoudaGames [2011/08/03 06:50:44 | 000,032,620 | ---- | M] () -- C:WindowsTasksSCHEDLGU(22).TXT [2010/11/07 08:33:31 | 000,032,608 | ---- | M] () -- C:WindowsTasksSCHEDLGU(42).TXT [2012/01/28 07:48:58 | 000,032,620 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.exe >
< %systemroot%*. /mp /s > < %systemroot%system32*.dll /lockedfiles > < %systemroot%Tasks*.job /lockedfiles > < %systemroot%system32drivers*.sys /lockedfiles > < %systemroot%System32config*.sav > < %systemroot%system32drivers*.sys /90 > [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Windowssystem32driversavgldx86.sys [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Windowssystem32driversavgrkx86.sys [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- C:Windowssystem32driversavgtdix.sys [2012/03/01 06:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) -- C:Windowssystem32driversfs_rec.sys [2012/02/17 05:14:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:Windowssystem32driversrdpwd.sys [2012/02/17 05:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:Windowssystem32driverstdtcp.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:ProgramDataTEMP:0B4227B4 @Alternate Data Stream - 123 bytes -> C:ProgramDataTEMP:8CE646EE < End of report >
  9. Extras.txt OTL Extras logfile created on: 4/18/2012 5:20:30 PM - Run 1 OTL by OldTimer - Version 3.2.40.0 Folder = C:UsersParentDesktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.33% Memory free 5.50 Gb Paging File | 4.40 Gb Available in Paging File | 79.98% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files Drive C: | 148.67 Gb Total Space | 96.20 Gb Free Space | 64.71% Space Free | Partition Type: NTFS Drive G: | 111.79 Gb Total Space | 92.73 Gb Free Space | 82.95% Space Free | Partition Type: NTFS Computer Name: TOSH | User Name: Parent | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl [@ = cplfile] -- C:WindowsSystem32control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:Windowswinhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTSystemRestore] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List 
========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03B2DFF6-584E-44A6-8DFB-EDEB3C64FD31}" = GoGear SA1VBExxA Device Manager "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012 "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US) "{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0 
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English "{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053 "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2A04DAA-094C-27EA-0CDF-E02A778FD761}" = ccc-utility "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = 
Microsoft SQL Server 2008 Browser "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322 "{DBA8B9E1-C6FF-4624-9598-73D3B41A0905}" = Microsoft Digital Image Pro 9 "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{FACB7956-B924-B663-E167-3C8900E7D679}" = ATI Catalyst Install Manager "{FB0391C7-BB09-4403-BA3B-A232F9A4B109}" = AVG 2012 "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVG" 
= AVG 2012 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU "Mp3 Audio Editor" = Mp3 Audio Editor "PictureIt_POD_v9" = Microsoft Digital Image Library 9 "PictureIt_v9" = Microsoft Digital Image Pro 9 "STANDARD" = Microsoft Office Standard 2007 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Ultra MKV Converter_is1" = Ultra MKV Converter 4.1.0108 "uTorrent" = µTorrent "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.2 "ZTE_1.2059.0.8" = ZTE_1.2059.0.8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/14/2012 2:20:30 AM | Computer Name = TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: ConvertXtoDvd.exe, version: 4.0.9.322, time stamp: 0x4b20372a Faulting module name: ConvertXtoDvd.exe, version: 4.0.9.322, time stamp: 0x4b20372a Exception code: 0xc0000005 Fault offset: 0x00005ae6 Faulting process id: 0x169c Faulting application start time: 0x01cd1a05344859f6 Faulting application path: C:Program 
FilesVSOConvertX4ConvertXtoDvd.exe Faulting module path: C:Program FilesVSOConvertX4ConvertXtoDvd.exe Report Id: eeba322f-85f9-11e1-aa62-002622fed34b Error - 4/14/2012 12:36:28 PM | Computer Name = TOSH | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:program filesspybot - search & destroyDelZip179.dll".Error in manifest or policy file "c:program filesspybot - search & destroyDelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 4/15/2012 12:14:38 PM | Computer Name = TOSH | Source = VSS | ID = 8194 Description = Error - 4/15/2012 12:15:40 PM | Computer Name = TOSH | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'Windows Live Messenger' could not be shut down. Error - 4/15/2012 12:21:50 PM | Computer Name = TOSH | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'Internet Explorer' could not be shut down. Error - 4/15/2012 12:21:50 PM | Computer Name = TOSH | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Application or service 'Internet Explorer' could not be shut down. Error - 4/16/2012 6:58:01 AM | Computer Name = TOSH | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:program filesspybot - search & destroyDelZip179.dll".Error in manifest or policy file "c:program filesspybot - search & destroyDelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 4/17/2012 5:20:55 AM | Computer Name = TOSH | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:program filesspybot - search & destroyDelZip179.dll".Error in manifest or policy file "c:program filesspybot - search & destroyDelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. 
Error - 4/17/2012 9:58:01 AM | Computer Name = TOSH | Source = Application Error | ID = 1000 Description = Faulting application name: TuneUpUtilitiesApp32.exe, version: 9.0.6010.7, time stamp: 0x4e16e75e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00073798 Faulting process id: 0x9c4 Faulting application start time: 0x01cd1ca2124ce6b6 Faulting application path: C:Program FilesTuneUp Utilities 2010TuneUpUtilitiesApp32.exe Faulting module path: unknown Report Id: 57b0f8e4-8895-11e1-951c-002622fed34b Error - 4/17/2012 2:09:24 PM | Computer Name = TOSH | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d44 Start Time: 01cd1ca47c97fae6 Termination Time: 79 Application Path: C:Program FilesInternet Exploreriexplore.exe Report Id: [ OSession Events ] Error - 12/14/2010 5:52:35 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/29/2011 3:14:39 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/29/2011 6:49:12 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 6/16/2011 5:21:25 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/24/2011 2:25:56 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/28/2011 11:42:04 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 88 seconds with 60 seconds of active time. This session ended with a crash. Error - 3/16/2012 8:22:39 AM | Computer Name = TOSH | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 4/17/2012 4:04:45 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/17/2012 9:57:35 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7003 Description = The SBSD Security Center Service service depends the following service: wscsvc. 
This service might not be installed. Error - 4/18/2012 3:20:40 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/18/2012 3:27:01 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/18/2012 3:33:44 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/18/2012 8:49:50 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/18/2012 8:56:32 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/18/2012 9:00:27 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/18/2012 9:15:37 AM | Computer Name = TOSH | Source = Service Control Manager | ID = 7024 Description = The AVG WatchDog service terminated with service-specific error %%-536805315. 
Error - 4/18/2012 9:35:44 AM | Computer Name = TOSH | Source = WMPNetworkSvc | ID = 866300 Description = < End of report >
  10. As you know I'm currently using AVG. In your expert opinion, what do you consider to be the best FREE AV program currently available?
  11. ComboFix 12-04-16.02 - Parent 18/04/2012 13:50:38.5.1 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2814.1852 [GMT 1:00] Running from: c:usersParentDesktopComboFix.exe Command switches used :: c:usersParentDesktopCFScript.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 ))))))))))))))))))))))))))))))) . . 2012-04-18 13:00 . 2012-04-18 13:00 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-04-16 07:55 . 2012-04-17 14:08 -------- d-----w- c:program filesConduit 2012-04-16 07:54 . 2012-04-17 20:31 -------- d-----w- c:usersParentAppDataRoaminguTorrent 2012-04-15 16:15 . 2012-04-15 16:15 89944 ----a-w- c:program filesCommon FilesWindows Live.cachee86e99841cd1b2215DSETUP.dll 2012-04-15 16:15 . 2012-04-15 16:15 537432 ----a-w- c:program filesCommon FilesWindows Live.cachee86e99841cd1b2215DXSETUP.exe 2012-04-15 16:15 . 2012-04-15 16:15 1801048 ----a-w- c:program filesCommon FilesWindows Live.cachee86e99841cd1b2215dsetup32.dll 2012-04-15 16:14 . 2012-04-15 16:14 94040 ----a-w- c:program filesCommon FilesWindows Live.cachee303aed71cd1b2214DSETUP.dll 2012-04-15 16:14 . 2012-04-15 16:14 525656 ----a-w- c:program filesCommon FilesWindows Live.cachee303aed71cd1b2214DXSETUP.exe 2012-04-15 16:14 . 2012-04-15 16:14 1691480 ----a-w- c:program filesCommon FilesWindows Live.cachee303aed71cd1b2214dsetup32.dll 2012-04-14 08:39 . 2012-04-17 14:07 -------- d-----w- c:usersParentAppDataRoamingSUPERAntiSpyware.com 2012-04-14 08:37 . 2012-04-17 14:05 -------- d-----w- c:programdataSUPERAntiSpyware.com 2012-04-14 07:47 . 2012-04-17 14:07 -------- d-----w- c:usersParentAppDataRoamingMalwarebytes 2012-04-14 07:46 . 2012-04-14 07:46 -------- d-----w- c:programdataMalwarebytes 2012-04-13 18:14 . 2012-04-13 18:14 14664 ----a-w- c:windowsstinger.sys 2012-04-12 06:42 . 2012-03-01 05:46 19824 ----a-w- c:windowssystem32driversfs_rec.sys 2012-04-12 06:42 . 
2012-03-01 05:37 172544 ----a-w- c:windowssystem32wintrust.dll 2012-04-12 06:42 . 2012-03-01 05:33 159232 ----a-w- c:windowssystem32imagehlp.dll 2012-04-12 06:42 . 2012-03-01 05:29 5120 ----a-w- c:windowssystem32wmi.dll 2012-04-12 06:42 . 2012-03-06 05:59 3968368 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-04-12 06:42 . 2012-03-06 05:59 3913072 ----a-w- c:windowssystem32ntoskrnl.exe 2012-04-03 06:06 . 2012-04-16 07:36 418464 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-03-28 20:16 . 2012-02-03 03:54 2343424 ----a-w- c:windowssystem32win32k.sys 2012-03-28 20:16 . 2012-01-25 05:32 129536 ----a-w- c:windowssystem32rdpcorekmts.dll 2012-03-28 20:16 . 2012-01-25 05:27 8192 ----a-w- c:windowssystem32rdrmemptylst.exe 2012-03-28 20:16 . 2012-02-17 05:34 826880 ----a-w- c:windowssystem32rdpcore.dll 2012-03-28 20:16 . 2012-02-17 04:14 183808 ----a-w- c:windowssystem32driversrdpwd.sys 2012-03-28 20:16 . 2012-02-17 04:13 24576 ----a-w- c:windowssystem32driverstdtcp.sys 2012-03-26 17:23 . 2012-03-28 20:01 -------- d-----w- c:program filesCommon FilesDVDVIDEOSOFT 2012-03-26 17:23 . 2012-03-26 17:27 -------- d-----w- c:usersParentAppDataRoamingDVDVideoSoft 2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:program filesInternet ExplorerPluginsnppdf32.dll 2012-03-25 20:04 . 2012-03-26 17:34 -------- d-----w- c:usersParentAppDataLocalCrashDumps 2012-03-24 12:05 . 2012-03-26 17:45 -------- d-----w- c:usersParentAppDataLocalFLVService . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-16 07:36 . 2011-05-19 05:14 70304 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-02-10 05:38 . 2012-03-14 06:20 1077248 ----a-w- c:windowssystem32DWrite.dll 2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:windowssystem32MSCOMCTL.OCX 2012-01-25 05:32 . 2012-03-14 06:19 58880 ----a-w- c:windowssystem32rdpwsx.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2012-03-24 39408] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "RtHDVCpl"="c:program filesRealtekAudioHDARtHDVCpl.exe" [2009-07-28 7625248] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2009-07-20 1545512] "TWebCamera"="c:program filesTOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe" [2009-08-11 2446648] . [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun] "msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2010-04-16 3872080] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "NoResolveTrack"= 1 (0x1) . [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc] @="" . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS] @="" . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe] 2009-07-14 01:14 8704 ----a-w- c:windowsSystem32ctfmon.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup] 2004-08-09 05:03 221184 ----a-w- c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck] 2006-01-12 14:40 155648 ----a-w- c:program filesCommon FilesAheadLibNeroCheck.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC] 2010-08-03 20:16 98304 ----a-w- c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg] 2012-03-24 12:52 39408 ----a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregToshiba Registration] 2009-07-30 11:24 134032 ----a-w- c:program filesTOSHIBARegistrationToshibaReminder.exe . [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-] "zpka6oPoqDdX"=control.exe "c:usersParentAppDataLocalIO2trLCkr3zpka6oPoqDdX.cpl",0,1 "MSIMEIMEPad"=regsvr32 /s /u "c:usersParentAppDataLocalMSMSIMEIMEPad.dll" "ISUSPM Startup"=c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup "Google Update"="c:usersParentAppDataLocalGoogleUpdateGoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-] "Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" "Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" "ArcSoft Connection Service"=c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe "ISUSScheduler"="c:program filesCommon FilesInstallShieldUpdateServiceissch.exe" -start . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-16 253088] R3 FsUsbExDisk;FsUsbExDisk;c:windowssystem32FsUsbExDisk.SYS [2010-07-05 36608] R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 136176] R3 hwusbfake;Huawei DataCard USB Fake;c:windowssystem32DRIVERSewusbfake.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:windowssystem32driversmassfilter.sys [2010-01-19 9216] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:windowssystem32DRIVERSRts516xIR.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:windowssystem32DRIVERSss_bbus.sys [2010-04-27 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:windowssystem32DRIVERSss_bmdfl.sys [2010-04-27 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:windowssystem32DRIVERSss_bmdm.sys [2010-04-27 123648] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-06-08 1343400] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE [2008-07-10 47128] R4 RsFx0103;RsFx0103 Driver;c:windowssystem32DRIVERSRsFx0103.sys [2009-03-30 239336] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:program filesMicrosoft SQL ServerMSSQL10.SQLEXPRESSMSSQLBinnSQLAGENT.EXE [2009-03-30 366936] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2010-08-04 176128] S2 
SBSDWSCService;SBSD Security Center Service;c:program filesSpybot - Search & DestroySDWinSec.exe [2009-01-26 1153368] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:program filesTuneUp Utilities 2010TuneUpUtilitiesService32.exe [2011-07-08 1052480] S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2010-08-04 6096384] S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2010-08-04 214016] S3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-07-16 47360] S3 PGEffect;Pangu effect driver;c:windowssystem32DRIVERSpgeffect.sys [2009-06-22 24064] S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2009-05-22 167936] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:windowssystem32DRIVERSrtl8192se.sys [2010-05-21 1014304] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:program filesTuneUp Utilities 2010TuneUpUtilitiesDriver32.sys [2009-10-14 10064] . . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc . HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2012-04-18 c:windowsTasksAdobe Flash Player Updater.job - c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 07:36] . 2012-04-18 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 11:51] . 2012-04-18 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 11:51] . 2012-04-17 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1821853211-1988021918-3595884693-1000Core.job - c:usersParentAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-12-08 15:56] . 2012-04-18 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1821853211-1988021918-3595884693-1000UA.job - c:usersParentAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-12-08 15:56] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.bbc.co.uk/ IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-04-18 14:05:05 ComboFix-quarantined-files.txt 2012-04-18 13:05 ComboFix2.txt 2012-04-16 07:25 ComboFix3.txt 2012-04-16 06:51 . Pre-Run: 104,862,326,784 bytes free Post-Run: 104,288,571,392 bytes free . - - End Of File - - CFF18954CB1BF741A1B0A68612FC21B2
  12. After dragging CFScript file into combofix, I get the following message: 'c.bat' is not recognized as an internal or external command, operable program or batch file. C:combofix>
  13. https://www.virustotal.com/file/f01cd9f111ab86101f5115331bc4b2a592ef59df0b958e97889b6aff6bcc2ca4/analysis/1334588671/ link to c:usersParentAppDataLocalMSMSIMEIMEPad.dll
      https://www.virustotal.com/file/5f53d9cadb445e26d4da62930824009847c492595bb43e3f7a551bb99e066fc7/analysis/1334593747/ link to c:usersParentAppDataLocalMSMSIMEIMEPad.dll.del
      c:usersParentAppDataLocalIO2trLCkr3zpka6oPoqDdX.cpl file not found
  14. ComboFix 12-04-15.02 - Parent 16/04/2012 8:02.2.1 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2814.1581 [GMT 1:00] Running from: c:usersParentDesktopComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:usersParentAppDataRoaminginst.exe c:usersParentAppDataRoamingvso_ts_preview.xml . . ((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 ))))))))))))))))))))))))))))))) . . 2012-04-16 07:12 . 2012-04-16 07:13 -------- d-----w- c:usersParentAppDataLocaltemp 2012-04-16 07:12 . 2012-04-16 07:12 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-04-15 16:15 . 2012-04-15 16:15 89944 ----a-w- c:program filesCommon FilesWindows Live.cachee86e99841cd1b2215DSETUP.dll 2012-04-15 16:15 . 2012-04-15 16:15 537432 ----a-w- c:program filesCommon FilesWindows Live.cachee86e99841cd1b2215DXSETUP.exe 2012-04-15 16:15 . 2012-04-15 16:15 1801048 ----a-w- c:program filesCommon FilesWindows Live.cachee86e99841cd1b2215dsetup32.dll 2012-04-15 16:14 . 2012-04-15 16:14 94040 ----a-w- c:program filesCommon FilesWindows Live.cachee303aed71cd1b2214DSETUP.dll 2012-04-15 16:14 . 2012-04-15 16:14 525656 ----a-w- c:program filesCommon FilesWindows Live.cachee303aed71cd1b2214DXSETUP.exe 2012-04-15 16:14 . 2012-04-15 16:14 1691480 ----a-w- c:program filesCommon FilesWindows Live.cachee303aed71cd1b2214dsetup32.dll 2012-04-14 08:39 . 2012-04-15 17:05 -------- d-----w- c:usersParentAppDataRoamingSUPERAntiSpyware.com 2012-04-14 08:37 . 2012-04-15 17:04 -------- d-----w- c:programdataSUPERAntiSpyware.com 2012-04-14 07:47 . 2012-04-15 17:05 -------- d-----w- c:usersParentAppDataRoamingMalwarebytes 2012-04-14 07:46 . 
2012-04-14 07:46 -------- d-----w- c:programdataMalwarebytes 2012-04-13 18:14 . 2012-04-13 18:14 14664 ----a-w- c:windowsstinger.sys 2012-04-12 06:42 . 2012-03-01 05:46 19824 ----a-w- c:windowssystem32driversfs_rec.sys 2012-04-12 06:42 . 2012-03-01 05:37 172544 ----a-w- c:windowssystem32wintrust.dll 2012-04-12 06:42 . 2012-03-01 05:33 159232 ----a-w- c:windowssystem32imagehlp.dll 2012-04-12 06:42 . 2012-03-01 05:29 5120 ----a-w- c:windowssystem32wmi.dll 2012-04-12 06:42 . 2012-03-06 05:59 3968368 ----a-w- c:windowssystem32ntkrnlpa.exe 2012-04-12 06:42 . 2012-03-06 05:59 3913072 ----a-w- c:windowssystem32ntoskrnl.exe 2012-04-03 06:06 . 2012-04-03 06:06 418464 ----a-w- c:windowssystem32FlashPlayerApp.exe 2012-03-28 20:16 . 2012-02-03 03:54 2343424 ----a-w- c:windowssystem32win32k.sys 2012-03-28 20:16 . 2012-01-25 05:32 129536 ----a-w- c:windowssystem32rdpcorekmts.dll 2012-03-28 20:16 . 2012-01-25 05:27 8192 ----a-w- c:windowssystem32rdrmemptylst.exe 2012-03-28 20:16 . 2012-02-17 05:34 826880 ----a-w- c:windowssystem32rdpcore.dll 2012-03-28 20:16 . 2012-02-17 04:14 183808 ----a-w- c:windowssystem32driversrdpwd.sys 2012-03-28 20:16 . 2012-02-17 04:13 24576 ----a-w- c:windowssystem32driverstdtcp.sys 2012-03-26 17:23 . 2012-03-28 20:01 -------- d-----w- c:program filesCommon FilesDVDVIDEOSOFT 2012-03-26 17:23 . 2012-03-26 17:27 -------- d-----w- c:usersParentAppDataRoamingDVDVideoSoft 2012-03-25 20:04 . 2012-03-26 17:34 -------- d-----w- c:usersParentAppDataLocalCrashDumps 2012-03-24 12:05 . 2012-03-26 17:45 -------- d-----w- c:usersParentAppDataLocalFLVService 2012-03-19 09:54 . 2012-03-19 09:54 -------- d-----w- c:usersParentAppDataRoamingfizzy 2012-03-19 09:54 . 2012-03-19 09:54 -------- d-----w- c:usersParentAppDataRoamingThinstall 2012-03-19 09:54 . 2012-03-19 09:54 -------- d-----w- c:usersParentAppDataLocalThinstall . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-03 06:06 . 
2011-05-19 05:14 70304 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2012-02-10 05:38 . 2012-03-14 06:20 1077248 ----a-w- c:windowssystem32DWrite.dll
2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:windowssystem32MSCOMCTL.OCX
2012-01-25 05:32 . 2012-03-14 06:19 58880 ----a-w- c:windowssystem32rdpwsx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2012-03-24 39408]
"ISUSPM Startup"="c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RtHDVCpl"="c:program filesRealtekAudioHDARtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2009-07-20 1545512]
"TWebCamera"="c:program filesTOSHIBATOSHIBA Web Camera ApplicationTWebCamera.exe" [2009-08-11 2446648]
"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
"AvgUninstallURL"="start http://www.avg.com/cn-zt.special-uninstallation-feedback-app?lic=&inst=NzctNzIxMDU3MTcwLVRCOSsyLUZMKzktUUlYMSs0LVgyMDEwKzItRjEwTTEwQysyLVBSRVYxMCsxLUxJQysyMi1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUZMMTArMS1ERFQrMzMxODQtTFNEKzItREQxMEYrMS1TMTBGRERGKzItU1QxMEZBUFArMQ&prod=0&ver=10.0.1410" [?]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:windowsSystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
2004-08-09 05:03 221184 ----a-w- c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:program filesCommon FilesAheadLibNeroCheck.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
2010-08-03 20:16 98304 ----a-w- c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
2012-03-24 12:52 39408 ----a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregToshiba Registration]
2009-07-30 11:24 134032 ----a-w- c:program filesTOSHIBARegistrationToshibaReminder.exe
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"zpka6oPoqDdX"=control.exe "c:usersParentAppDataLocalIO2trLCkr3zpka6oPoqDdX.cpl",0,1
"MSIMEIMEPad"=regsvr32 /s /u "c:usersParentAppDataLocalMSMSIMEIMEPad.dll"
"ISUSPM Startup"=c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
"Google Update"="c:usersParentAppDataLocalGoogleUpdateGoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe"
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe"
"ArcSoft Connection Service"=c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe
"ISUSScheduler"="c:program filesCommon FilesInstallShieldUpdateServiceissch.exe" -start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:program filesSpybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 253600]
R3 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]
R3 FsUsbExDisk;FsUsbExDisk;c:windowssystem32FsUsbExDisk.SYS [2010-07-05 36608]
R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:windowssystem32DRIVERSewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:windowssystem32driversmassfilter.sys [2010-01-19 9216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:windowssystem32DRIVERSRts516xIR.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:windowssystem32DRIVERSss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:windowssystem32DRIVERSss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:windowssystem32DRIVERSss_bmdm.sys [2010-04-27 123648]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-06-08 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE [2008-07-10 47128]
R4 RsFx0103;RsFx0103 Driver;c:windowssystem32DRIVERSRsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:program filesMicrosoft SQL ServerMSSQL10.SQLEXPRESSMSSQLBinnSQLAGENT.EXE [2009-03-30 366936]
S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:windowssystem32DRIVERSavgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2010-08-04 176128]
S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [2011-08-02 192776]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:program filesTuneUp Utilities 2010TuneUpUtilitiesService32.exe [2011-07-08 1052480]
S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2010-08-04 214016]
S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:windowssystem32DRIVERSAVGIDSShim.Sys [2011-10-04 16720]
S3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-07-16 47360]
S3 PGEffect;Pangu effect driver;c:windowssystem32DRIVERSpgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2009-05-22 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:windowssystem32DRIVERSrtl8192se.sys [2010-05-21 1014304]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:program filesTuneUp Utilities 2010TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 06:06]
.
2012-04-16 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 11:51]
.
2012-04-16 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-07-16 11:51]
.
2012-04-15 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1821853211-1988021918-3595884693-1000Core.job
- c:usersParentAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-12-08 15:56]
.
2012-04-16 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1821853211-1988021918-3595884693-1000UA.job
- c:usersParentAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-12-08 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-16 08:25:54
ComboFix-quarantined-files.txt 2012-04-16 07:25
ComboFix2.txt 2012-04-16 06:51
.
Pre-Run: 101,132,328,960 bytes free
Post-Run: 101,049,638,912 bytes free
.
- - End Of File - - 85451EE97250DA34E9AC6483A28F2A90
  15. The G drive is indeed an external hard drive.
      ------------------------------------------------------------------
      aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
      Run date: 2012-04-15 19:21:48
      -----------------------------
      19:21:48.104 OS Version: Windows 6.1.7601 Service Pack 1
      19:21:48.104 Number of processors: 1 586 0x301
      19:21:48.104 ComputerName: TOSH UserName:
      19:21:50.490 Initialize success
      19:23:04.452 AVAST engine defs: 12041501
      19:24:11.565 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP1T0L0-1
      19:24:11.565 Disk 0 Vendor: Hitachi_HTS545016B9A300 PBBOC64G Size: 152627MB BusType: 11
      19:24:11.580 Disk 0 MBR read successfully
      19:24:11.580 Disk 0 MBR scan
      19:24:11.596 Disk 0 Windows 7 default MBR code
      19:24:11.611 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 393 MB offset 2048
      19:24:11.627 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152233 MB offset 806912
      19:24:11.627 Disk 0 scanning sectors +312580096
      19:24:11.705 Disk 0 scanning C:Windowssystem32drivers
      19:24:26.384 Service scanning
      19:25:15.786 Modules scanning
      19:25:25.268 Disk 0 trace - called modules:
      19:25:25.283 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
      19:25:25.283 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x86771ac8]
      19:25:25.283 3 CLASSPNP.SYS[83fd259e] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP1T0L0-1[0x8676c340]
      19:25:26.484 AVAST engine scan C:Windows
      19:25:31.175 AVAST engine scan C:Windowssystem32
      19:32:18.499 AVAST engine scan C:Windowssystem32drivers
      19:32:46.507 AVAST engine scan C:UsersParent
      19:43:35.250 File: C:UsersParentAppDataLocalMSMSIMEIMEPad.dll.del **INFECTED** Win32:Sefnit-A [Trj]
      19:59:57.157 AVAST engine scan C:ProgramData
      20:05:09.700 Scan finished successfully
      20:05:55.375 Disk 0 MBR has been saved successfully to "C:UsersParentDesktopMBR.dat"
      20:05:55.386 The log file has been saved successfully to "C:UsersParentDesktopaswMBR.txt"