Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

program launches on startup


  • This topic is locked This topic is locked
8 replies to this topic

#1 burton5

burton5

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 15 October 2012 - 08:53 AM

There is a program that tries to install everytime I reboot the computer. It is smile/webshots. I looked for a startup entry and removed it, but then it re-appears next time.
tried to let it finish installation, and then remove it after. But then I get the same issue.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Paquetted at 13:17:26 on 2012-10-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1162 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DD20.4.4201210120833\DualDesk.exe
C:\Windows\system32\iprntsrv.exe
C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DD20.4.4201210120833\DualDesk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nwtray.exe
C:\Windows\System32\iprntctl.exe
C:\Windows\System32\iprntlgn.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\DD20.4.4201210120833\DDHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Novell\GroupWise\grpwise.exe
C:\Program Files (x86)\Novell\GroupWise\Notify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mWinlogon: Userinit=userinit.exe
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intellex Service Manager] %ProgramFiles(x86)%\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WsdtReplacer] C:\Users\Paquetted\AppData\Local\Temp\WebshotSupplantLauncher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\PAQUET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DDHelper.lnk - C:\Program Files (x86)\DD20.4.4201210120833\DDHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTELL~1.LNK - C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 142.13.17.66 142.13.17.43
TCP: Interfaces\{BB53BB21-E29F-4F22-BEBC-5D19E1C73F28} : DhcpNameServer = 142.13.17.66 142.13.17.43
TCP: Interfaces\{FC2F6A12-D1E3-4F0A-97E4-3CE0ABAE4090} : DhcpNameServer = 142.13.17.66 142.13.17.43
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
LSA: Notification Packages = scecli iPrntWinCredMan
LSA: Authentication Packages = msv1_0 ncv1_0
BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Intellex Service Manager] %ProgramFiles(x86)%\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WsdtReplacer] C:\Users\Paquetted\AppData\Local\Temp\WebshotSupplantLauncher.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paquetted\AppData\Roaming\Mozilla\Firefox\Profiles\gi5wxj2j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.brandonu.ca/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npnipp.dll
FF - plugin: C:\Windows\SysWOW64\npnisp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NCFilter;Novell UNC Filter - Filter;C:\Windows\system32\DRIVERS\NCFilter.sys --> C:\Windows\system32\DRIVERS\NCFilter.sys [?]
R0 NCRecognizer;Novell UNC Filter - Recognizer;C:\Windows\system32\DRIVERS\NCRecognizer.sys --> C:\Windows\system32\DRIVERS\NCRecognizer.sys [?]
R0 NCUncFilter;Novell UNC Filter - UNC Filter;C:\Windows\system32\DRIVERS\NCUncFilter.sys --> C:\Windows\system32\DRIVERS\NCUncFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AVP;Kaspersky Anti-Virus 6.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-3-12 311680]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DD_Service;DD_Service;C:\Program Files (x86)\DD20.4.4201210120833\DualDesk.exe [2010-6-19 282264]
R2 iprntsrv;Novell iPrint Service;C:\Windows\system32\iprntsrv.exe --> C:\Windows\system32\iprntsrv.exe [?]
R2 klnagent;Kaspersky Lab Network Agent;C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [2011-12-8 124088]
R2 NCFSD;Novell Client File System Redirector;C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2010-12-3 101464]
R2 NCIOCTL;Novell Xplat IoCtl Driver;C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2010-12-3 85592]
R2 NtlxSrvMgr;Intellex Service Manager;C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe [2010-9-8 178176]
R2 XTSvcMgr;Novell XTier Service Manager;C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe [2009-12-27 19544]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys --> C:\Windows\system32\DRIVERS\klfltdev.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10755\AGCoreService.exe [2012-10-11 20480]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 114144]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-12 15:56:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-12 15:44:51 -------- d-----w- C:\Program Files (x86)\Webshots
2012-10-12 14:43:34 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-10-12 14:43:29 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-10-12 14:43:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-10-12 14:43:29 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-10-12 14:43:29 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-10-12 14:43:28 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-10-12 14:43:28 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-10-12 14:43:28 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-10-12 14:43:28 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-10-12 14:43:28 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-10-12 14:43:28 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-10-12 14:41:55 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2012-10-12 14:40:54 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-10-12 14:14:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-10-12 14:14:25 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-10-12 14:14:06 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-10-12 14:14:06 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-10-12 13:33:34 -------- d-----w- C:\Program Files (x86)\DD20.4.4201210120833
2012-10-12 13:33:34 -------- d-----w- C:\DD20.4.4201210120833
2012-10-11 20:57:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-11 20:57:04 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-11 20:57:04 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-11 20:56:45 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-11 20:56:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-11 20:56:39 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-11 20:56:39 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-11 20:54:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-11 20:54:51 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-11 20:54:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-11 20:54:51 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-11 20:54:51 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-11 20:54:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-11 20:46:16 -------- d-----w- C:\Windows\SysWow64\Webshots Data
2012-10-11 19:55:02 -------- d-----w- C:\Program Files (x86)\DD20.4.4201210111455
2012-10-11 19:55:02 -------- d-----w- C:\DD20.4.4201210111455
2012-10-10 18:40:06 -------- d-----w- C:\Logs
2012-10-04 14:59:04 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2012-10-04 14:59:02 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-24 13:06:14 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-10-12 14:15:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 14:15:08 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-24 13:06:08 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:17:54.74 ===============

Attached Files


Edited by Noviciate, 15 October 2012 - 02:23 PM.
DDS log added from attachment.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:36 AM

Posted 15 October 2012 - 02:26 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#3 burton5

burton5
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 16 October 2012 - 09:25 AM

OTL logfile created on: 10/16/2012 8:52:31 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Paquetted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.39% Memory free
7.49 Gb Paging File | 6.05 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): c:\pagefile.sys 4605 4605 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.85 Gb Total Space | 91.73 Gb Free Space | 65.12% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 148.92 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive M: | 40.00 Gb Total Space | 8.88 Gb Free Space | 22.21% Space Free | Partition Type: NcFsd
Drive N: | 1024.43 Gb Total Space | 421.74 Gb Free Space | 41.17% Space Free | Partition Type: NcFsd
Drive S: | 100.00 Gb Total Space | 87.20 Gb Free Space | 87.20% Space Free | Partition Type: NcFsd
Drive T: | 875.12 Gb Total Space | 421.74 Gb Free Space | 48.19% Space Free | Partition Type: NcFsd

Computer Name: DPAQUETTE11W7 | User Name: Paquetted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/16 08:52:13 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Paquetted\Downloads\OTL.scr
PRC - [2012/09/10 14:14:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/29 07:49:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2011/12/08 12:55:30 | 000,124,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
PRC - [2011/01/11 20:19:20 | 007,633,496 | ---- | M] (Novell, Inc.) -- C:\Program Files (x86)\Novell\GroupWise\grpwise.exe
PRC - [2011/01/08 01:55:30 | 000,212,992 | ---- | M] (Novell, Inc.) -- C:\Program Files (x86)\Novell\GroupWise\notify.exe
PRC - [2010/09/08 20:08:14 | 001,027,072 | ---- | M] (Tyco International Ltd. and its Respective Companies) -- C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
PRC - [2010/09/08 20:07:44 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
PRC - [2010/03/12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/10 14:14:55 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/12/03 15:34:24 | 000,916,056 | ---- | M] () -- C:\Windows\SysWOW64\ncnetprovider.dll
MOD - [2010/12/03 15:34:24 | 000,240,216 | ---- | M] () -- C:\Windows\SysWOW64\nwshlxnt.dll
MOD - [2010/12/03 15:34:24 | 000,166,488 | ---- | M] () -- C:\Windows\SysWOW64\mapbase.dll
MOD - [2010/12/03 15:34:24 | 000,113,240 | ---- | M] () -- C:\Windows\SysWOW64\nclangid.dll
MOD - [2010/12/03 14:45:26 | 000,495,616 | ---- | M] () -- C:\Windows\SysWOW64\nls\english\ncnetproviderr.dll
MOD - [2010/12/03 14:44:06 | 000,110,592 | ---- | M] () -- C:\Windows\SysWOW64\nls\english\nwshlxntr.dll
MOD - [2010/12/03 14:43:20 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\nls\english\mapbaser.dll
MOD - [2010/12/03 14:39:48 | 000,016,384 | ---- | M] () -- C:\Windows\SysWOW64\nls\english\nclangidr.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/11/04 17:14:40 | 000,055,296 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Windows\SysNative\iprntsrv.exe -- (iprntsrv)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/12/03 15:34:24 | 000,019,544 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/12 09:15:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/10 14:14:55 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/06 20:36:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files (x86)\AGI\core\4.2.0.10755\AGCoreService.exe -- (AGCoreService)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/08 12:55:30 | 000,124,088 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe -- (klnagent)
SRV - [2010/09/08 20:07:44 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe -- (NtlxSrvMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 19:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/29 10:06:22 | 000,268,376 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/29 10:06:22 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/12/03 15:34:24 | 000,128,088 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys -- (nds4)
DRV:64bit: - [2010/12/03 15:34:24 | 000,119,384 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ncrecognizer.sys -- (NCRecognizer)
DRV:64bit: - [2010/12/03 15:34:24 | 000,113,240 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ncfilter.sys -- (NCFilter)
DRV:64bit: - [2010/12/03 15:34:24 | 000,101,464 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV:64bit: - [2010/12/03 15:34:24 | 000,089,176 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys -- (ncpfsp)
DRV:64bit: - [2010/12/03 15:34:24 | 000,085,592 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV:64bit: - [2010/12/03 15:34:24 | 000,083,032 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap)
DRV:64bit: - [2010/12/03 15:34:24 | 000,078,424 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys -- (nciom)
DRV:64bit: - [2010/12/03 15:34:24 | 000,077,912 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys -- (ncp)
DRV:64bit: - [2010/12/03 15:34:24 | 000,058,456 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat)
DRV:64bit: - [2010/12/03 15:34:24 | 000,052,824 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl)
DRV:64bit: - [2010/12/03 15:34:24 | 000,049,240 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl)
DRV:64bit: - [2010/12/03 15:34:24 | 000,039,000 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\niam.sys -- (niam)
DRV:64bit: - [2010/12/03 15:34:24 | 000,035,928 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost)
DRV:64bit: - [2010/12/03 15:34:24 | 000,034,392 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys -- (nccache)
DRV:64bit: - [2010/12/03 15:34:24 | 000,033,880 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys -- (nscm)
DRV:64bit: - [2010/12/03 15:34:24 | 000,031,320 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV:64bit: - [2010/12/03 15:34:24 | 000,026,200 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ncuncfilter.sys -- (NCUncFilter)
DRV:64bit: - [2010/12/03 15:34:24 | 000,024,664 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys -- (nsns)
DRV:64bit: - [2010/12/03 15:34:24 | 000,019,544 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys -- (ndm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/11 14:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/09/03 15:24:28 | 000,030,736 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)
DRV:64bit: - [2009/08/21 13:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b6cb6001f-315c-4454-8e9a-007e5b2724da%7d&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 F3 B5 82 A3 1C CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b6cb6001f-315c-4454-8e9a-007e5b2724da%7d&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\Windows\SysWOW64 [2012/10/12 10:41:58 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/11 15:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/11 15:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 14:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/11 15:44:02 | 000,000,000 | ---D | M]

[2012/09/24 08:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/11 15:41:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/24 08:06:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/10 14:14:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/29 07:49:13 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/09/10 08:08:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/10 08:08:58 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = \Users\Paquetted\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = \Users\Paquetted\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [iPrint Event Monitor] C:\Windows\SysNative\iprntlgn.exe (Novell, Inc.)
O4:64bit: - HKLM..\Run: [iPrint Tray] C:\Windows\SysNative\iprntctl.exe (Novell, Inc.)
O4:64bit: - HKLM..\Run: [NWTRAY] C:\Windows\SysNative\nwtray.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Intellex Service Manager] C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WsdtReplacer] C:\Users\Paquetted\AppData\Local\Temp\WebshotSupplantLauncher.exe (thinksys)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.13.17.66 142.13.17.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB53BB21-E29F-4F22-BEBC-5D19E1C73F28}: DhcpNameServer = 142.13.17.66 142.13.17.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC2F6A12-D1E3-4F0A-97E4-3CE0ABAE4090}: DhcpNameServer = 142.13.17.66 142.13.17.43
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\adialhk.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a0effc84-9056-11e0-bc15-b8ac6fb8eaa7}\Shell - "" = AutoRun
O33 - MountPoints2\{a0effc84-9056-11e0-bc15-b8ac6fb8eaa7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 10:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/12 10:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/12 10:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webshots
[2012/10/11 15:46:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Webshots Data
[2012/10/11 14:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DD20.4.4201210111455
[2012/10/11 14:55:02 | 000,000,000 | ---D | C] -- C:\DD20.4.4201210111455
[2012/10/11 14:55:02 | 000,000,000 | ---D | C] -- \DD20.4.4201210111455
[2012/10/10 13:40:06 | 000,000,000 | ---D | C] -- C:\Logs
[2012/10/10 13:40:06 | 000,000,000 | ---D | C] -- \Logs
[2012/10/04 09:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/10/04 09:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/09/24 08:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/16 08:41:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/16 08:41:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/16 08:24:57 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 08:24:57 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 08:22:21 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/16 08:22:21 | 000,625,774 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/16 08:22:21 | 000,107,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/16 08:20:14 | 000,000,106 | ---- | M] () -- C:\Windows\WPCMAPI.INI
[2012/10/16 08:18:04 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Paquetted.job
[2012/10/16 08:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/16 08:17:31 | 2414,977,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/15 11:04:01 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Paquetted.job
[2012/10/12 13:41:49 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/12 10:56:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/12 10:54:17 | 000,001,441 | ---- | M] () -- C:\Users\Paquetted\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/12 10:44:49 | 000,443,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/12 09:56:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/12 09:56:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/10/12 08:02:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Paquetted.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 10:56:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/12 09:56:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/10/12 09:56:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/09/26 10:59:01 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Paquetted.job
[2012/09/26 10:59:01 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Paquetted.job
[2012/09/26 10:59:00 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Paquetted.job
[2012/04/17 14:54:09 | 000,000,436 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/30 09:21:26 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\vcmimm4.dll
[2012/03/30 09:21:26 | 001,572,864 | ---- | C] () -- C:\Windows\SysWow64\vcmimm5.dll
[2012/03/30 09:21:26 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/30 09:21:26 | 000,000,839 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/31 09:30:03 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/27 15:30:25 | 000,000,980 | ---- | C] () -- \Webshots.lnk
[2011/05/27 14:58:15 | 000,001,065 | ---- | C] () -- \OpenOffice.org 3.3.lnk
[2011/05/27 14:53:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/07 22:13:06 | 000,155,700 | ---- | C] () -- C:\Windows\SysWow64\ODMA32.DLL
[2010/12/03 15:34:24 | 000,916,056 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2010/12/03 15:34:24 | 000,662,104 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2010/12/03 15:34:24 | 000,404,056 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2010/12/03 15:34:24 | 000,240,216 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2010/12/03 15:34:24 | 000,191,064 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2010/12/03 15:34:24 | 000,166,488 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2010/12/03 15:34:24 | 000,113,240 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2010/12/03 15:34:24 | 000,026,200 | ---- | C] () -- C:\Windows\SysWow64\loginw32.exe
[2010/07/12 15:45:57 | 2414,977,024 | -HS- | C] () -- \hiberfil.sys
[2007/11/07 08:53:12 | 000,242,176 | ---- | C] () -- \VC_RED.MSI
[2007/11/07 08:50:40 | 001,927,956 | ---- | C] () -- \VC_RED.cab
[2007/11/07 08:44:20 | 000,855,040 | ---- | C] () -- \install.exe
[2007/11/07 08:44:20 | 000,096,272 | ---- | C] () -- \install.res.1036.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | C] () -- \install.res.3082.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | C] () -- \install.res.1031.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | C] () -- \install.res.1040.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | C] () -- \install.res.1033.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | C] () -- \install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | C] () -- \install.res.1042.dll
[2007/11/07 08:44:20 | 000,075,280 | ---- | C] () -- \install.res.1028.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | C] () -- \install.res.2052.dll
[2007/11/07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2007/11/07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Edited by burton5, 16 October 2012 - 09:28 AM.


#4 burton5

burton5
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 16 October 2012 - 09:29 AM

OTL Extras logfile created on: 10/16/2012 8:52:32 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Paquetted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.39% Memory free
7.49 Gb Paging File | 6.05 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): c:\pagefile.sys 4605 4605 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.85 Gb Total Space | 91.73 Gb Free Space | 65.12% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 148.92 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive M: | 40.00 Gb Total Space | 8.88 Gb Free Space | 22.21% Space Free | Partition Type: NcFsd
Drive N: | 1024.43 Gb Total Space | 421.74 Gb Free Space | 41.17% Space Free | Partition Type: NcFsd
Drive S: | 100.00 Gb Total Space | 87.20 Gb Free Space | 87.20% Space Free | Partition Type: NcFsd
Drive T: | 875.12 Gb Total Space | 421.74 Gb Free Space | 48.19% Space Free | Partition Type: NcFsd

Computer Name: DPAQUETTE11W7 | User Name: Paquetted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2666CB74-023A-4968-89CE-90C1AA4D85CD}" = lport=15001 | protocol=17 | dir=in | name=kaspersky administration kit |
"{4FB1156C-7B56-4B91-958D-F7A8C88BA2C8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D75FBED-6CD7-4930-8736-3F18CA1DB248}" = lport=15001 | protocol=17 | dir=in | name=kaspersky administration kit |
"{6FB08DC1-DC48-4FC7-837A-4D7342AE3987}" = lport=15001 | protocol=17 | dir=in | name=kaspersky administration kit |
"{806687D4-7060-4FFF-B44B-BA014943C733}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A4EE6482-25D1-4B06-8138-DCC0B7315583}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |
"{DFBC82A3-31FB-4C56-8D7C-EEA295BE7C85}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |
"{EA227B2C-576A-4B42-9FC4-9FA1BF77E380}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |
"{F39C3572-6B90-434F-97F0-CD1F6EBCB3C5}" = lport=3389 | protocol=6 | dir=in | app=system |
"{FEDE86E4-541D-486E-9B08-57E56224B57B}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074CAFE2-35EE-4D15-9C9F-D6196FB66C9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18AA5B8F-9B71-49B2-82D3-D6D3FF0F98BA}" = protocol=17 | dir=in | app=c:\program files (x86)\novell\groupwise\notify.exe |
"{21E3ACD2-4988-4AA5-BFD6-C20F0A5B92B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{2618BA08-2873-43ED-B0B6-DDA2E156C722}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{2C909432-6438-4FCA-A2D5-3FB6E09EBF76}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{3783282F-079D-47F9-A3E2-3EEB352E9B93}" = protocol=17 | dir=in | app=c:\program files (x86)\novell\groupwise\grpwise.exe |
"{4799AC7F-81B6-4C31-9A88-680735B059D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{47E3845D-DF92-4256-A66D-46B0892F6C9E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50EC8387-FE63-4FA4-947C-26E61013B33E}" = protocol=6 | dir=in | app=c:\program files (x86)\novell\groupwise\grpwise.exe |
"{68B0D470-650C-4C34-8570-5F1D4EB4BBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{713697F5-57E8-4856-B60C-BAC5381B9F52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{8FA36865-54A7-4517-9EC5-934248F5B446}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{997A0334-B99C-4ED8-AA76-633CE9FC6328}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A612B151-9C7C-429D-AE5C-F9C9B256525C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B2AF0BB6-530B-457D-9949-9E74D4D54DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B5729862-4A7B-4949-BBA8-683852E9E722}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BA6EC7D2-DB4D-4EC3-AEDF-DAEDFC5CE39E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D597438F-CB04-405F-BA0F-4F29D5CA3A2D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DD73C7D5-B707-47FD-892E-AB020245AA22}" = protocol=6 | dir=in | app=c:\program files (x86)\novell\groupwise\notify.exe |
"{EFCEA49E-8BA7-479A-9A04-32ABC342C63C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"TCP Query User{EC9549BC-5875-49FA-9B3D-6411D39CCFB0}C:\program files (x86)\sensormatic\networkclient\bin\networkclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sensormatic\networkclient\bin\networkclient.exe |
"UDP Query User{831710F1-FADB-4BCC-B26E-8C0D77762914}C:\program files (x86)\sensormatic\networkclient\bin\networkclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sensormatic\networkclient\bin\networkclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22859902-78CE-40B0-9429-6FE7A00BBF85}" = NMAS Client
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{54031C8D-F80D-47BB-B3CA-5E9BD7750C27}" = NMAS Challenge Response Method
"{559D2B32-5066-4762-A2F2-52831AC6F67B}" = NICI (64 bit)
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v05.74.00
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81FADFBE-3B56-47FC-A122-3C69D1708089}" = GroupWise
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8972110-B12F-4C64-980F-B4683AFD6CDD}" = NetworkClient
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}" = Kaspersky Security Center Network Agent
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F533D-0CBF-475F-8300-8B13799775D0}" = Foxit Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"C1RPTING" = Reporting Snapin
"CONSOLE1" = ConsoleOne 1.3.6h
"FileZilla Client" = FileZilla Client 3.3.2
"Google Chrome" = Google Chrome
"IMM4 Codec_is1" = IMM4 VCM Codec 4.0.0.2
"InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}" = Kaspersky Security Center Network Agent
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"WinLiveSuite" = Windows Live Essentials
"WMS" = Windows NT Messaging
"Write-N-Cite" = Write-N-Cite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2012 4:36:17 PM | Computer Name = DPaquette11w7 | Source = NtlxSrvMgr | ID = 2
Description = The service process could not connect to the service controller.

Error - 10/11/2012 4:46:09 PM | Computer Name = DPaquette11w7 | Source = NtlxSrvMgr | ID = 2
Description = The service process could not connect to the service controller.

Error - 10/12/2012 8:58:55 AM | Computer Name = DPaquette11w7 | Source = NtlxSrvMgr | ID = 2
Description = The service process could not connect to the service controller.

Error - 10/12/2012 9:38:21 AM | Computer Name = DPaquette11w7 | Source = Application Error | ID = 1000
Description = Faulting application name: DualDesk.exe, version: 20.4.4.0, time stamp:
0x4c1c5a89 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000001 Faulting process id: 0xb38 Faulting application
start time: 0x01cda87e352a4c04 Faulting application path: C:\Program Files (x86)\DD20.4.4201210120833\DualDesk.exe
Faulting
module path: unknown Report Id: 161ec6da-1472-11e2-85e3-b8ac6fb8eaa7

Error - 10/12/2012 9:58:04 AM | Computer Name = DPaquette11w7 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Webshots\3.1.5.7620\wsaxupdater.exe".Error
in manifest or policy file "C:\Program Files (x86)\Webshots\3.1.5.7620\wsaxupdater.exe"
on line 9. The element description appears as a child of element urn:schemas-microsoft-com:asm.v1^description
which is not supported by this version of Windows.

Error - 10/12/2012 11:07:11 AM | Computer Name = DPaquette11w7 | Source = MsiInstaller | ID = 11935
Description =

Error - 10/12/2012 11:54:19 AM | Computer Name = DPaquette11w7 | Source = NtlxSrvMgr | ID = 2
Description = The service process could not connect to the service controller.

Error - 10/15/2012 8:48:16 AM | Computer Name = DPaquette11w7 | Source = NtlxSrvMgr | ID = 2
Description = The service process could not connect to the service controller.

Error - 10/15/2012 9:57:49 AM | Computer Name = DPaquette11w7 | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 10/16/2012 9:18:21 AM | Computer Name = DPaquette11w7 | Source = NtlxSrvMgr | ID = 2
Description = The service process could not connect to the service controller.

[ Kaspersky Event Log Events ]
Error - 3/29/2012 9:01:40 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = Processing automatic keys failed Product ='KAVWKS6' Version ='6.0.4.0'
#1195
Resource is unavailable

Error - 3/29/2012 9:02:38 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = Tasks replication failed Product ='KAVWKS6' Version ='6.0.4.0' #1195
Resource is unavailable

Error - 3/29/2012 9:02:38 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = Group tasks replication failed Product ='KAVWKS6' Version ='6.0.4.0'
#1195
Resource is unavailable

Error - 3/29/2012 9:02:38 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = Application properties replication failed Product ='KAVWKS6' Version
='6.0.4.0' #1195 Resource is unavailable

Error - 3/29/2012 9:02:38 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = Processing automatic keys failed Product ='KAVWKS6' Version ='6.0.4.0'
#1195
Resource is unavailable

Error - 3/29/2012 9:02:38 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = RtpState replication failed Product ='KAVWKS6' Version ='6.0.4.0' #1195
Resource is unavailable

Error - 3/29/2012 9:03:01 AM | Computer Name = DPaquette11w7 | Source = klnagent | ID = 1
Description = Processing automatic keys failed Product ='KAVWKS6' Version ='6.0.4.0'
#1195
Resource is unavailable

[ System Events ]
Error - 3/19/2012 4:58:33 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/20/2012 4:39:01 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/21/2012 4:56:44 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/22/2012 2:46:58 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/23/2012 9:05:12 AM | Computer Name = DPaquette11w7 | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 3/23/2012 2:52:38 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/26/2012 4:48:51 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/28/2012 4:57:15 PM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 3/29/2012 8:57:56 AM | Computer Name = DPaquette11w7 | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 3/29/2012 9:03:03 AM | Computer Name = DPaquette11w7 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.


< End of report >

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:36 AM

Posted 16 October 2012 - 02:16 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#6 burton5

burton5
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 17 October 2012 - 01:56 PM

hi,
Took a few tries as there were some pev.exe errors the first time and then the program didn't finish. It worked in safe mode though.


ComboFix 12-10-17.03 - Paquetted 10/17/2012 13:13:23.3.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2155 [GMT -5:00]
Running from: c:\users\Paquetted\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 18:18 . 2012-10-17 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 18:18 . 2012-10-17 18:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-12 15:56 . 2012-10-12 15:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-12 15:44 . 2012-10-12 15:44 -------- d-----w- c:\program files (x86)\Webshots
2012-10-12 14:43 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-10-12 14:43 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-10-12 14:43 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-10-12 14:43 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-10-12 14:43 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-10-12 14:43 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-10-12 14:43 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-10-12 14:43 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-10-12 14:43 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-10-12 14:43 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-10-12 14:43 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-10-12 14:43 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-10-12 14:41 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-10-12 14:40 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-10-12 14:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-12 14:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-12 14:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-12 14:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-12 14:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-12 14:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-12 14:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-12 14:14 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-12 14:14 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-11 20:57 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 20:57 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 20:57 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 20:56 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 20:56 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 20:56 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 20:56 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 20:54 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 20:54 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 20:54 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 20:54 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 20:54 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 20:54 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-11 20:46 . 2012-10-11 20:46 -------- d-----w- c:\windows\SysWow64\Webshots Data
2012-10-11 19:55 . 2012-10-11 20:44 -------- d-----w- c:\program files (x86)\DD20.4.4201210111455
2012-10-11 19:55 . 2012-10-11 19:55 -------- d-----w- C:\DD20.4.4201210111455
2012-10-10 18:40 . 2012-10-10 18:40 -------- d-----w- C:\Logs
2012-10-04 14:59 . 2012-10-11 20:44 -------- d-----w- c:\program files (x86)\Norton Security Scan
2012-10-04 14:59 . 2012-10-04 14:59 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-09-24 13:06 . 2012-09-24 13:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-24 13:06 . 2012-09-24 13:06 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 14:15 . 2012-04-05 12:52 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 14:15 . 2011-05-27 19:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-28 05:18 . 2010-07-12 20:05 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-24 13:06 . 2010-07-12 20:47 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 22:04 . 2010-07-13 16:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 18:12 . 2012-09-12 17:00 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 17:00 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 17:00 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-12 14:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2010-11-05 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-13 311680]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-05-29 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intellex Event Handler.lnk - c:\program files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2010-9-8 1027072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1.0FO\adialhk.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-12 1255736]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2010-12-03 113240]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2010-12-03 119384]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2010-12-03 26200]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-03-29 27736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10755\AGCoreService.exe [2012-09-07 20480]
S2 iprntsrv;Novell iPrint Service;c:\windows\system32\iprntsrv.exe [2011-11-04 55296]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2010-12-03 101464]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2010-12-03 85592]
S2 NtlxSrvMgr;Intellex Service Manager;c:\program files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe [2010-09-09 178176]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2010-12-03 19544]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 30736]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:15]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 13:06]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 13:06]
.
2012-10-12 c:\windows\Tasks\ReclaimerUpdateFiles_Paquetted.job
- c:\users\Paquetted\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 12:58]
.
2012-10-17 c:\windows\Tasks\ReclaimerUpdateXML_Paquetted.job
- c:\users\Paquetted\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 12:58]
.
2012-10-17 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Paquetted.job
- c:\users\Paquetted\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 12:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2010-12-03 43608]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2011-11-04 66136]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2011-11-04 69720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 142.13.17.66 142.13.17.43
FF - ProfilePath - c:\users\Paquetted\AppData\Roaming\Mozilla\Firefox\Profiles\gi5wxj2j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.brandonu.ca/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-24 08:06; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Intellex Service Manager - %ProgramFiles(x86)%\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
Wow6432Node-HKLM-Run-WsdtReplacer - c:\users\Paquetted\AppData\Local\Temp\WebshotSupplantLauncher.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-C1RPTING - c:\program files (x86)\Common Files\Novell\ni\bin\install.exe -remove ..\data\ip.db ..\data\remove.rsp
AddRemove-CONSOLE1 - c:\program files (x86)\Common Files\Novell\ni\bin\install.exe -remove ..\data\ip.db ..\data\remove.rsp
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Completion time: 2012-10-17 13:36:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-17 18:36
.
Pre-Run: 98,706,493,440 bytes free
Post-Run: 98,371,928,064 bytes free
.
- - End Of File - - AAC48A0A45309A5BA08DA77C15F4BA88

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:36 AM

Posted 17 October 2012 - 02:13 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#8 burton5

burton5
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 18 October 2012 - 01:06 PM

Hi,
It kept failing to download the updates for it, stating to check proxy settings. So I uninstalled and reinstalled Internet explorer.
Then it worked fine. The Eset scan found nothing, and the webshots/shine program isn't trying to install anymore.

I may have to reinstall a couple programs to fix them now it looks like, but I can handle that.

Thanks for all the help.

Edited by burton5, 18 October 2012 - 01:13 PM.


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:36 AM

Posted 22 October 2012 - 02:43 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users