dds.com hangs with "check mbr" runs normally otherwise


44 replies to this topic

#1 mainemack

Posted 29 March 2013 - 08:58 AM

dds.com hangs for about 10 or 15 minutes before a restart, when I run it with "check mbr" checked.

 

dds.com runs normally and completes after about three minutes when I run it with "check mbr" UNchecked. dds.com logs pasted and attached (from completed run, with "check mbr" UNchecked).

 

I have run aswMBR, log pasted below.

 

While running in safe mode with networking, I manually turned off AVG services in services.msc, but when I finally ran dds in normal boot, these services were all restored, and I disabled AVG directly from its own tray icon.

 

dds.com hanging came to my attention while trying to remove the WhiteSmoke toolbar, which eventually I accomplished (maybe?) by running AdwCleaner.

 

---dds.txt begin---

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by mack at 6:39:57 on 2013-03-29
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2551.2016 [GMT -7:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe
C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [Google Update] "c:\documents and settings\mack\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x081d -f video -m logitech -d 13.31.1044.0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\vmware\vmware player\vsocklib.dll
TCP: NameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{626C2F94-0688-4AE3-AA90-B52517776B87} : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{ACBA8920-9A0B-4CB2-80E1-EEB10AE7CCB4} : NameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=        
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mack\application data\mozilla\firefox\profiles\5du8myzm.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\mack\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\mack\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\mack\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\mack\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2012-01-11 15:33; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 33112]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2011-11-8 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2011-11-8 51072]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-10-29 188328]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-10-29 94632]
R2 Array_Utility_Service8.4.6.67;Array Utility Service 8,4,6,67;c:\program files\array networks\common\8,4,6,67\arr_isrv.exe [2013-3-15 403992]
R2 ArraySSL_VPN_Service8.4.6.67;Array SSL VPN Service 8,4,6,67;c:\program files\array networks\array ssl vpn\8,4,6,67\arr_srvs.exe [2013-3-15 309784]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files\seagate\drivesettings\sync\SeagateDriveSettingsService.exe [2011-2-10 91432]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2012-6-9 70808]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-6-9 539288]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [?]
S3 ATP;ArrayNetworks SSL VPN Miniport Driver;c:\windows\system32\drivers\atpdrvr.sys [2013-3-15 16256]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-8-19 22176]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-10-3 104280]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2012-1-21 82736]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-29 10:27:23    --------    d--h--w-    c:\windows\PIF
2013-03-28 18:17:15    --------    d-----w-    c:\documents and settings\mack\AppData
2013-03-25 01:34:24    --------    d-----w-    c:\program files\CoolPic - Fun Social Pictures
2013-03-17 01:29:48    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 04:01:03    --------    d-----w-    c:\documents and settings\mack\local settings\application data\Array NetWorks
2013-03-16 04:00:33    16256    ----a-w-    c:\windows\system32\drivers\atpdrvr.sys
2013-03-16 04:00:15    --------    d-----w-    c:\program files\Array Networks
2013-03-16 04:00:10    90112    ----a-w-    c:\windows\system32\arr_ndjni.dll
2013-03-16 04:00:10    80408    ----a-w-    c:\windows\system32\arr_getp.exe
2013-03-16 04:00:10    301592    ----a-w-    c:\windows\system32\ArrayApi.dll
2013-03-16 04:00:10    158232    ----a-w-    c:\windows\system32\arr_launch.exe
2013-03-13 02:59:48    16486616    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-03-09 05:54:35    --------    d-----w-    c:\program files\Wireshark
2013-03-09 05:51:08    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-03-09 05:51:08    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-03-09 05:51:08    116120    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-03-07 22:04:41    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-07 22:04:33    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-03 07:25:03    --------    d-----w-    c:\documents and settings\mack\.thumbnails
2013-03-03 07:24:13    --------    d-----w-    c:\documents and settings\mack\local settings\application data\fontconfig
2013-03-03 07:24:10    --------    d-----w-    c:\documents and settings\mack\.gimp-2.8
2013-03-03 07:24:09    --------    d-----w-    c:\documents and settings\mack\local settings\application data\gegl-0.2
2013-03-03 07:05:44    --------    d-----w-    c:\program files\GIMP 2
2013-03-03 04:15:14    --------    d-----w-    c:\documents and settings\mack\local settings\application data\VMware
2013-03-03 04:05:44    334488    ----a-w-    c:\windows\system32\vmnetdhcp.exe
2013-03-03 04:05:40    404120    ----a-w-    c:\windows\system32\vmnat.exe
2013-03-03 04:05:39    26392    ----a-w-    c:\windows\system32\drivers\vmnetuserif.sys
2013-03-03 04:05:32    760472    ----a-w-    c:\windows\system32\vnetlib.dll
2013-03-03 04:05:09    24728    ----a-w-    c:\windows\system32\drivers\VMkbd.sys
2013-03-03 04:04:27    --------    d-----w-    c:\program files\common files\VMware
2013-03-03 04:03:53    --------    d-----w-    c:\program files\VMware
2013-02-28 17:29:10    --------    d-----w-    c:\documents and settings\mack\local settings\application data\Sun
.
==================== Find3M  ====================
.
2013-03-13 02:59:53    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 02:59:53    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-07 22:04:10    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-07 22:04:10    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-18 19:52:16    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-02-05 20:05:46    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57    385024    ------w-    c:\windows\system32\html.iec
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
.
============= FINISH:  6:40:46.96 ===============

---dds.txt end---

 

---aswMBR.txt begin---

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-29 05:50:53
-----------------------------
05:50:53.625    OS Version: Windows 5.1.2600 Service Pack 3
05:50:53.625    Number of processors: 2 586 0xE08
05:50:53.640    ComputerName: MAINE  UserName: mack
05:50:56.875    Initialize success
05:51:29.703    AVAST engine defs: 13032900
05:51:39.781    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:51:39.796    Disk 0 Vendor: FUJITSU_MHV2060BH_PL 00000029 Size: 57231MB BusType: 3
05:51:39.906    Disk 0 MBR read successfully
05:51:39.921    Disk 0 MBR scan
05:51:40.000    Disk 0 Windows XP default MBR code
05:51:40.015    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57231 MB offset 63
05:51:40.046    Disk 0 scanning sectors +117210240
05:51:40.078    Disk 0 scanning C:\WINDOWS\system32\drivers
05:51:50.546    Service scanning
05:52:18.453    Modules scanning
05:52:23.890    Disk 0 trace - called modules:
05:52:23.937    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:52:23.968    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a0ab8]
05:52:23.984    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a8769e8]
05:52:24.046    5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a876d98]
05:52:24.687    AVAST engine scan C:\WINDOWS
05:52:29.703    AVAST engine scan C:\WINDOWS\system32
05:55:12.093    AVAST engine scan C:\WINDOWS\system32\drivers
05:55:27.031    AVAST engine scan C:\Documents and Settings\mack
06:07:24.218    AVAST engine scan C:\Documents and Settings\All Users
06:10:20.968    Scan finished successfully
06:10:56.296    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mack\Desktop\malware\aswMBR logs\1303290610\MBR.dat"
06:10:56.312    The log file has been saved successfully to "C:\Documents and Settings\mack\Desktop\malware\aswMBR logs\1303290610\aswMBR.txt"

 

---aswMBR.txt end---

 

#2 mainemack

Posted 29 March 2013 - 09:16 AM

Saw some references to ZeroAccess being aggressive and preventing dds from running, so I ran AVG's "Virus Remover for Win32/ZeroAccess". Normal results, log pasted below:

 

C:\WINDOWS\system32\ntoskrnl.exe                                                 OK
C:\WINDOWS\system32\hal.dll                                                      OK
C:\WINDOWS\system32\KDCOM.DLL                                                    OK
C:\WINDOWS\system32\BOOTVID.dll                                                  OK
C:\WINDOWS\system32\drivers\ACPI.sys                                             OK
C:\WINDOWS\system32\DRIVERS\WMILIB.SYS                                           OK
C:\WINDOWS\system32\drivers\pci.sys                                              OK
C:\WINDOWS\system32\drivers\isapnp.sys                                           OK
C:\WINDOWS\system32\drivers\ohci1394.sys                                         OK
C:\WINDOWS\system32\DRIVERS\1394BUS.SYS                                          OK
C:\WINDOWS\system32\drivers\compbatt.sys                                         OK
C:\WINDOWS\system32\DRIVERS\BATTC.SYS                                            OK
C:\WINDOWS\system32\drivers\pciide.sys                                           OK
C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS                                          OK
C:\WINDOWS\system32\drivers\pcmcia.sys                                           OK
C:\WINDOWS\system32\drivers\MountMgr.sys                                         OK
C:\WINDOWS\system32\drivers\ftdisk.sys                                           OK
C:\WINDOWS\system32\drivers\PartMgr.sys                                          OK
C:\WINDOWS\system32\drivers\VolSnap.sys                                          OK
C:\WINDOWS\system32\drivers\atapi.sys                                            OK
C:\WINDOWS\system32\drivers\disk.sys                                             OK
C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS                                         OK
C:\WINDOWS\system32\drivers\fltMgr.sys                                           OK
C:\WINDOWS\system32\drivers\sr.sys                                               OK
C:\WINDOWS\system32\drivers\KSecDD.sys                                           OK
C:\WINDOWS\system32\drivers\Ntfs.sys                                             OK
C:\WINDOWS\system32\drivers\NDIS.sys                                             OK
C:\WINDOWS\system32\drivers\Thpevm.SYS                                           OK
C:\WINDOWS\system32\drivers\Mup.sys                                              OK
C:\WINDOWS\system32\drivers\avgrkx86.sys                                         OK
C:\WINDOWS\system32\drivers\avglogx.sys                                          OK
C:\WINDOWS\system32\drivers\avgmfx86.sys                                         OK
C:\WINDOWS\system32\drivers\avgidshx.sys                                         OK
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys                                          OK
C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS                                         OK
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys                                         OK
C:\WINDOWS\system32\DRIVERS\e1e5132.sys                                          OK
C:\WINDOWS\system32\DRIVERS\usbuhci.sys                                          OK
C:\WINDOWS\system32\DRIVERS\USBPORT.SYS                                          OK
C:\WINDOWS\system32\DRIVERS\usbehci.sys                                          OK
C:\WINDOWS\system32\DRIVERS\sdbus.sys                                            OK
C:\WINDOWS\system32\DRIVERS\i8042prt.sys                                         OK
C:\WINDOWS\system32\DRIVERS\kbdclass.sys                                         OK
C:\WINDOWS\system32\drivers\VMkbd.sys                                            OK
C:\WINDOWS\system32\DRIVERS\Apfiltr.sys                                          OK
C:\WINDOWS\system32\DRIVERS\mouclass.sys                                         OK
C:\WINDOWS\system32\DRIVERS\serial.sys                                           OK
C:\WINDOWS\system32\DRIVERS\serenum.sys                                          OK
C:\WINDOWS\system32\DRIVERS\parport.sys                                          OK
C:\WINDOWS\system32\DRIVERS\imapi.sys                                            OK
C:\WINDOWS\system32\DRIVERS\cdrom.sys                                            OK
C:\WINDOWS\system32\DRIVERS\redbook.sys                                          OK
C:\WINDOWS\system32\DRIVERS\ks.sys                                               OK
C:\WINDOWS\system32\DRIVERS\CmBatt.sys                                           OK
C:\WINDOWS\system32\DRIVERS\intelppm.sys                                         OK
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys                                          OK
C:\WINDOWS\system32\DRIVERS\serscan.sys                                          OK
C:\WINDOWS\system32\DRIVERS\audstub.sys                                          OK
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys                                          OK
C:\WINDOWS\system32\DRIVERS\ndistapi.sys                                         OK
C:\WINDOWS\system32\DRIVERS\ndiswan.sys                                          OK
C:\WINDOWS\system32\DRIVERS\raspppoe.sys                                         OK
C:\WINDOWS\system32\DRIVERS\raspptp.sys                                          OK
C:\WINDOWS\system32\DRIVERS\TDI.SYS                                              OK
C:\WINDOWS\system32\DRIVERS\psched.sys                                           OK
C:\WINDOWS\system32\DRIVERS\msgpc.sys                                            OK
C:\WINDOWS\system32\DRIVERS\ptilink.sys                                          OK
C:\WINDOWS\system32\DRIVERS\raspti.sys                                           OK
C:\WINDOWS\system32\DRIVERS\rdpdr.sys                                            OK
C:\WINDOWS\system32\DRIVERS\termdd.sys                                           OK
C:\WINDOWS\system32\DRIVERS\swenum.sys                                           OK
C:\WINDOWS\system32\DRIVERS\update.sys                                           OK
C:\WINDOWS\system32\DRIVERS\mssmbios.sys                                         OK
C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys                                     OK
C:\WINDOWS\system32\DRIVERS\VMNET.SYS                                            OK
C:\WINDOWS\System32\Drivers\NDProxy.SYS                                          OK
C:\WINDOWS\system32\drivers\RtkHDAud.sys                                         OK
C:\WINDOWS\system32\drivers\portcls.sys                                          OK
C:\WINDOWS\system32\drivers\drmk.sys                                             OK
C:\WINDOWS\system32\DRIVERS\usbhub.sys                                           OK
C:\WINDOWS\system32\DRIVERS\USBD.SYS                                             OK
C:\WINDOWS\system32\DRIVERS\sffp_sd.sys                                          OK
C:\WINDOWS\system32\DRIVERS\sffdisk.sys                                          OK
C:\WINDOWS\system32\DRIVERS\ifsmount.sys                                         OK
C:\WINDOWS\System32\Drivers\Fs_Rec.SYS                                           OK
C:\WINDOWS\System32\Drivers\Null.SYS                                             OK
C:\WINDOWS\System32\Drivers\Beep.SYS                                             OK
C:\WINDOWS\system32\drivers\avgtpx86.sys                                         OK
C:\WINDOWS\System32\drivers\vga.sys                                              OK
C:\WINDOWS\System32\Drivers\mnmdd.SYS                                            OK
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys                                           OK
C:\WINDOWS\system32\DRIVERS\ext2fs.sys                                           OK
C:\WINDOWS\System32\Drivers\Msfs.SYS                                             OK
C:\WINDOWS\System32\Drivers\Npfs.SYS                                             OK
C:\WINDOWS\system32\DRIVERS\rasacd.sys                                           OK
C:\WINDOWS\system32\DRIVERS\ipsec.sys                                            OK
C:\WINDOWS\system32\DRIVERS\tcpip.sys                                            OK
C:\WINDOWS\system32\DRIVERS\avgtdix.sys                                          OK
C:\WINDOWS\system32\DRIVERS\ipnat.sys                                            OK
C:\WINDOWS\system32\DRIVERS\wanarp.sys                                           OK
C:\WINDOWS\system32\DRIVERS\netbt.sys                                            OK
C:\WINDOWS\System32\drivers\ws2ifsl.sys                                          OK
C:\WINDOWS\System32\drivers\afd.sys                                              OK
C:\WINDOWS\system32\DRIVERS\netbios.sys                                          OK
C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys                                       OK
C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys                                          OK
C:\WINDOWS\system32\DRIVERS\rdbss.sys                                            OK
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys                                           OK
C:\WINDOWS\System32\Drivers\Fips.SYS                                             OK
C:\WINDOWS\system32\DRIVERS\avgldx86.sys                                         OK
C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys                                      OK
C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys                                    OK
C:\WINDOWS\System32\Drivers\Fastfat.SYS                                          OK
C:\WINDOWS\System32\Drivers\Cdfs.SYS                                             OK
C:\WINDOWS\System32\Drivers\dump_atapi.sys                                       Not Found
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS                                      Not Found
C:\WINDOWS\System32\win32k.sys                                                   OK
C:\WINDOWS\System32\drivers\Dxapi.sys                                            OK
C:\WINDOWS\System32\watchdog.sys                                                 OK
C:\WINDOWS\System32\drivers\dxg.sys                                              OK
C:\WINDOWS\System32\drivers\dxgthk.sys                                           OK
C:\WINDOWS\System32\ialmdnt5.dll                                                 OK
C:\WINDOWS\System32\ialmrnt5.dll                                                 OK
C:\WINDOWS\System32\ialmdev5.DLL                                                 OK
C:\WINDOWS\System32\ialmdd5.DLL                                                  OK
C:\WINDOWS\System32\ATMFD.DLL                                                    OK
C:\WINDOWS\system32\DRIVERS\AegisP.sys                                           OK
C:\WINDOWS\system32\DRIVERS\s24trans.sys                                         OK
C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys                                      OK
C:\WINDOWS\system32\drivers\wdmaud.sys                                           OK
C:\WINDOWS\system32\drivers\sysaudio.sys                                         OK
C:\WINDOWS\system32\DRIVERS\mrxdav.sys                                           OK
C:\WINDOWS\system32\drivers\hcmon.sys                                            OK
C:\WINDOWS\System32\Drivers\ParVdm.SYS                                           OK
C:\WINDOWS\system32\Drivers\vmci.sys                                             OK
C:\WINDOWS\system32\Drivers\VMparport.sys                                        OK
C:\WINDOWS\system32\Drivers\vmx86.sys                                            OK
C:\WINDOWS\system32\DRIVERS\srv.sys                                              OK
C:\WINDOWS\system32\drivers\npf.sys                                              OK
C:\WINDOWS\system32\drivers\vmnetuserif.sys                                      OK
C:\Program Files\VMware\VMware Player\vstor2-ws60.sys                            OK
C:\WINDOWS\System32\Drivers\HTTP.sys                                             OK
C:\WINDOWS\system32\DRIVERS\psi_mf.sys                                           OK
C:\WINDOWS\system32\drivers\kmixer.sys                                           OK
C:\WINDOWS\system32\drivers\rm.sys                                               Not Found
C:\WINDOWS\system32\ntdll.dll                                                    OK
C:\WINDOWS\system32\basesrv.dll                                                  OK
C:\WINDOWS\system32\winsrv.dll                                                   OK
C:\WINDOWS\system32\winsrv.dll                                                   OK
C:\WINDOWS\system32\basesrv.dll                                                  OK
C:\WINDOWS\system32\winsrv.dll                                                   OK
C:\WINDOWS\system32\winsrv.dll                                                   OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}\InprocServer32                            OK
{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}\InprocServer32                            OK
{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32                            OK
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32                            OK
{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32                            OK
{E67BE843-BBBE-4484-95FB-05271AE86750}\InprocServer32                            OK
{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\InprocServer32                            OK
{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32                            OK
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32                            OK
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32                            OK
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32                            OK
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32                            OK
C:\WINDOWS\system32\services.exe                                                 OK
Work complete.                                                                   

-- EOF --
 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:02 AM

Posted 31 March 2013 - 08:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#4 mainemack


Posted 31 March 2013 - 07:11 PM

Hiya, nasdaq, thank you.

 

combofix runs, installed recover console successfully, then hangs.  I let it stay for about 25 minutes before rebooting.  Note that this behavior was the same as with dds, I know they're made by the same person.

 

---begin security log---

 

 Results of screen317's Security Check version 0.99.61  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security 2013   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.4003)   
 AVG PC Tuneup   
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Seagate DriveSettings Sync SeagateDriveSettingsService.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
---end security log---
 
---begin adwCleaner log---

# AdwCleaner v2.115 - Logfile created 03/31/2013 at 17:06:50
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mack - MAINE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\mack\Desktop\adwcleaner(1).exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\valentina\Application Data\Mozilla\Firefox\Profiles\8em1w5s3.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v [Unable to get version]
 
File : C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\valentina\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Opera v [Unable to get version]
 
File : C:\Documents and Settings\mack\Application Data\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
File : C:\Documents and Settings\valentina\Application Data\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [11408 octets] - [29/03/2013 04:31:42]
AdwCleaner[R2].txt - [1683 octets] - [29/03/2013 04:37:03]
AdwCleaner[R3].txt - [1549 octets] - [31/03/2013 17:06:50]
AdwCleaner[S1].txt - [11142 octets] - [29/03/2013 04:32:53]
 
########## EOF - C:\AdwCleaner[R3].txt - [1670 octets] ##########
---end adwCleaner log---

 



#5 nasdaq


Posted 01 April 2013 - 07:49 AM

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

#6 mainemack


Posted 01 April 2013 - 02:47 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : mack [Admin rights]
Mode : Scan -- Date : 04/01/2013 12:42:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SkyTel.exe -- C:\WINDOWS\SkyTel.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2060BH PL +++++
--- User ---
[MBR] 96b2b5919198ac8fe0e6dcb6e9e88477
[BSP] 61ad7d85724c14acdf18d2dff5448c45 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04012013_02d1242.txt >>


 



#7 nasdaq


Posted 02 April 2013 - 07:08 AM

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.

===
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users.
  • Under the Custom Scan box paste the following text:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs. DO NOT ATTACH THEM.


#8 mainemack


Posted 02 April 2013 - 01:15 PM

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Apr 02 10:54:07 2013
 
Found and removed: C:\Program Files\Java\jre6
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.6.0_22
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.6.0_30
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.6.0_31
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.6.0_33
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.6.0_35
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.6.0_39
 
Found and removed: C:\Documents and Settings\mack\Application Data\Sun\Java\jre1.7.0_15
 
Found and removed: Applications\java.exe
 
Found and removed: Applications\javaw.exe
 
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
 
Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
 
Found and removed: JavaScript
 
Found and removed: JavaScript Author
 
Found and removed: JavaScript1.1
 
Found and removed: JavaScript1.1 Author
 
Found and removed: JavaScript1.2
 
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
 
Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}
 
Found and removed: Software\JavaSoft\Java Update
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Tue Apr 02 10:54:22 2013
 
------------------------------------
 
Finished reporting.
 
 

OTL logfile created on: 4/2/2013 10:57:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 76.13% Memory free
3.83 Gb Paging File | 3.29 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.40 Gb Free Space | 36.51% Space Free | Partition Type: NTFS
 
Computer Name: MAINE | User Name: mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/02 10:56:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mack\Desktop\OTL.exe
PRC - [2013/03/07 15:04:12 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/16 20:58:40 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/19 16:12:12 | 000,403,992 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe
PRC - [2012/12/19 16:11:26 | 000,309,784 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/06/09 20:30:38 | 000,334,488 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2012/06/09 20:30:34 | 000,113,304 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012/06/09 20:30:08 | 000,064,152 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2012/06/09 20:29:46 | 000,404,120 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2012/06/09 19:30:12 | 000,539,288 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/02/10 12:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2008/08/12 20:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/08/02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/09 20:30:50 | 000,068,760 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2012/06/09 20:30:14 | 000,970,392 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2006/08/02 00:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 00:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/03/12 19:59:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 22:50:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/07 15:04:12 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 16:12:12 | 000,403,992 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe -- (Array_Utility_Service8.4.6.67)
SRV - [2012/12/19 16:11:26 | 000,309,784 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe -- (ArraySSL_VPN_Service8.4.6.67)
SRV - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/06/09 20:30:38 | 000,334,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 20:30:34 | 000,113,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/06/09 20:29:46 | 000,404,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 19:30:12 | 000,539,288 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/06/25 23:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2011/02/10 12:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008/05/21 04:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/02/18 12:52:16 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/19 16:36:24 | 000,188,328 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/12/19 16:35:16 | 000,094,632 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/26 20:03:06 | 000,104,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 04:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 04:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 04:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 04:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 04:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/06/09 20:31:08 | 000,854,296 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/06/09 20:31:06 | 000,070,808 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2012/06/09 20:30:58 | 000,023,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2012/06/09 20:29:26 | 000,024,728 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012/06/09 20:28:40 | 000,032,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/06/09 20:28:36 | 000,026,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/06/09 19:30:06 | 000,032,408 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/06/09 17:06:56 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/01/17 23:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/17 23:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/17 23:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/19 15:11:58 | 000,082,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/19 14:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/04 12:15:14 | 000,016,256 | ---- | M] (Array Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atpdrvr.sys -- (ATP)
DRV - [2008/09/25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008/08/28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/09/04 02:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/05/09 17:27:24 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.30
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.6.0.11664
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mack\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\mack\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mack\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mack\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mack\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/11 16:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}: C:\Program Files\CoolPic - Fun Social Pictures\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}: C:\Program Files\WBC Engine\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/28 12:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/11 16:33:45 | 000,000,000 | ---D | M]
 
[2013/03/27 09:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mack\Application Data\Mozilla\Extensions
[2013/03/28 12:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\extensions
[2013/03/24 06:55:07 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/03/21 07:42:37 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\extensions\firefox@ghostery.com
[2013/03/25 08:55:29 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\searchplugins\whitesmoke-new-customized-web-search.xml
[2013/03/28 12:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 22:49:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 22:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/08 22:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/06/24 20:46:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/07 07:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 07:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 07:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ghostery = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
 
O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-299502267-1085031214-1177238915-1003..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-299502267-1085031214-1177238915-1003..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\valentina\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\valentina\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\valentina\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{626C2F94-0688-4AE3-AA90-B52517776B87}: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACBA8920-9A0B-4CB2-80E1-EEB10AE7CCB4}: NameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/29 20:21:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bc373801-7005-11e2-96bb-000e7b45faa5}\Shell - "" = AutoRun
O33 - MountPoints2\{bc373801-7005-11e2-96bb-000e7b45faa5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc373801-7005-11e2-96bb-000e7b45faa5}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/02 10:56:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mack\Desktop\OTL.exe
[2013/04/02 10:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Desktop\JavaRa
[2013/04/01 12:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Desktop\RK_Quarantine
[2013/03/31 17:14:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/03/31 12:26:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/31 12:23:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/31 12:23:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/31 12:23:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/31 12:23:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/31 12:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/31 12:22:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/31 12:19:18 | 005,045,447 | R--- | C] (Swearware) -- C:\Documents and Settings\mack\Desktop\ComboFix.exe
[2013/03/29 04:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Desktop\malware
[2013/03/29 04:04:21 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\mack\Desktop\aswMBR.exe
[2013/03/29 03:51:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/03/29 03:27:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/03/29 03:26:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\mack\Desktop\dds.com
[2013/03/28 13:29:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mack\Desktop\TDSSKiller.exe
[2013/03/28 12:23:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\mack\Desktop\olddds.scr
[2013/03/28 11:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\AppData
[2013/03/24 18:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\CoolPic - Fun Social Pictures
[2013/03/16 18:29:48 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/15 21:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Local Settings\Application Data\Array NetWorks
[2013/03/15 21:00:33 | 000,016,256 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\drivers\atpdrvr.sys
[2013/03/15 21:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Array Networks
[2013/03/15 21:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Array Networks
[2013/03/15 21:00:10 | 000,301,592 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\ArrayApi.dll
[2013/03/15 21:00:10 | 000,158,232 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_launch.exe
[2013/03/15 21:00:10 | 000,090,112 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_ndjni.dll
[2013/03/15 21:00:10 | 000,080,408 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_getp.exe
[2013/03/14 20:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\My Documents\traffic citation
[2013/03/12 19:59:48 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/08 22:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/03/08 22:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/08 09:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/07 15:04:41 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/07 15:04:41 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/07 15:04:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/07 15:04:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/07 15:04:33 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/02 10:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/02 10:56:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mack\Desktop\OTL.exe
[2013/04/02 10:51:59 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\JavaRa.zip
[2013/04/02 10:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003UA.job
[2013/04/02 10:03:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/01 20:45:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003Core.job
[2013/04/01 20:03:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/01 17:10:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/01 17:08:51 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On mack Logon.job
[2013/04/01 17:08:51 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/04/01 17:08:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/01 12:38:12 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\RogueKiller.exe
[2013/03/31 17:04:46 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\adwcleaner(1).exe
[2013/03/31 17:04:21 | 000,890,798 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\SecurityCheck.exe
[2013/03/31 12:26:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/31 12:22:07 | 005,045,447 | R--- | M] (Swearware) -- C:\Documents and Settings\mack\Desktop\ComboFix.exe
[2013/03/29 23:48:45 | 000,024,456 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\crbc040409.gif
[2013/03/29 06:08:26 | 002,522,504 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\avg_rem_zeroaccess_all_1_798.exe
[2013/03/29 04:45:59 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\mack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/29 04:31:14 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\AdwCleaner.exe
[2013/03/29 04:05:43 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\mack\Desktop\aswMBR.exe
[2013/03/29 03:26:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\mack\Desktop\dds.com
[2013/03/28 12:23:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\mack\Desktop\olddds.scr
[2013/03/28 12:15:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/28 11:05:06 | 000,015,137 | ---- | M] () -- C:\Documents and Settings\mack\My Documents\ebay_selling for others.ods
[2013/03/26 18:27:42 | 000,013,403 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\calm.jpg
[2013/03/25 22:28:36 | 000,008,807 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\red.jpg
[2013/03/25 17:04:11 | 000,011,719 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\v wishlist.ods
[2013/03/25 14:41:32 | 000,054,141 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\409_sexy-cake.jpg
[2013/03/25 14:40:09 | 000,120,611 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\Blue-A-Sexy-Kind-Of-Invite--Calling-all-Bachelorettes--amp--Single-Lady-Invites.jpg
[2013/03/24 18:41:16 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\mack\ntuser.pol
[2013/03/21 21:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/18 17:51:08 | 000,741,989 | ---- | M] () -- C:\Documents and Settings\mack\My Documents\DSCN3498.JPG
[2013/03/15 21:00:10 | 000,301,592 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\ArrayApi.dll
[2013/03/15 21:00:10 | 000,158,232 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_launch.exe
[2013/03/15 21:00:10 | 000,090,112 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_ndjni.dll
[2013/03/15 21:00:10 | 000,080,408 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_getp.exe
[2013/03/13 03:30:09 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/13 03:30:09 | 000,086,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/13 03:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/12 19:59:53 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 19:59:53 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/12 19:59:49 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/09 10:36:43 | 000,012,564 | ---- | M] () -- C:\Documents and Settings\mack\My Documents\patricia.ods
[2013/03/08 22:57:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/08 22:55:01 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/03/08 22:54:32 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/08 09:13:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/07 15:04:13 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/07 15:04:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/07 15:04:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/07 15:04:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/07 15:04:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/07 15:04:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/07 15:04:10 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/02 10:51:59 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\JavaRa.zip
[2013/04/01 12:38:11 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\RogueKiller.exe
[2013/03/31 17:04:46 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\adwcleaner(1).exe
[2013/03/31 17:04:20 | 000,890,798 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\SecurityCheck.exe
[2013/03/31 12:26:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/31 12:26:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/31 12:23:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/31 12:23:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/31 12:23:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/31 12:23:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/31 12:23:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/29 23:48:44 | 000,024,456 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\crbc040409.gif
[2013/03/29 06:08:23 | 002,522,504 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\avg_rem_zeroaccess_all_1_798.exe
[2013/03/29 04:31:14 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\AdwCleaner.exe
[2013/03/28 12:15:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/28 12:15:44 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\mack\Start Menu\Programs\Internet Explorer.lnk
[2013/03/26 18:27:42 | 000,013,403 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\calm.jpg
[2013/03/25 22:28:35 | 000,008,807 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\red.jpg
[2013/03/25 14:41:31 | 000,054,141 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\409_sexy-cake.jpg
[2013/03/25 14:40:07 | 000,120,611 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\Blue-A-Sexy-Kind-Of-Invite--Calling-all-Bachelorettes--amp--Single-Lady-Invites.jpg
[2013/03/24 18:41:14 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\mack\ntuser.pol
[2013/03/24 08:08:33 | 000,741,989 | ---- | C] () -- C:\Documents and Settings\mack\My Documents\DSCN3498.JPG
[2013/03/24 07:15:26 | 000,011,719 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\v wishlist.ods
[2013/03/14 15:33:20 | 000,015,137 | ---- | C] () -- C:\Documents and Settings\mack\My Documents\ebay_selling for others.ods
[2013/03/08 22:55:01 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/03/08 22:55:01 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/03/06 21:40:31 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003UA.job
[2013/03/06 21:40:30 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003Core.job
[2013/03/03 05:25:58 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\recently-used.xbel
[2013/01/11 21:33:17 | 000,231,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/29 23:13:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Repeat Routines
[2012/10/29 23:13:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Project Templates
[2012/10/29 23:13:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/08/30 13:55:49 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2012/08/30 12:00:26 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\dt.dat
[2012/06/24 22:13:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pop Flute
[2012/06/24 22:11:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pop Kit
[2012/06/24 22:11:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Podcasting
[2012/06/24 22:10:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2012/06/24 22:10:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2012/05/19 11:31:12 | 000,003,463 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120519113112.gnucash
[2012/05/19 11:28:10 | 000,003,303 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120519112810.gnucash
[2012/05/18 13:03:59 | 000,002,768 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120518130359.gnucash
[2012/05/18 12:37:11 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120518123711.gnucash
[2012/05/18 10:55:27 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120518105527.gnucash
[2012/05/17 10:00:44 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517100044.gnucash
[2012/05/17 09:59:29 | 000,002,339 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517095929.gnucash
[2012/05/17 09:48:03 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517094803.gnucash
[2012/05/17 09:21:39 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517092139.gnucash
[2012/05/17 09:00:38 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517090038.gnucash
[2012/05/17 08:52:19 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517085219.gnucash
[2012/05/17 08:46:36 | 000,003,482 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash
[2012/03/28 14:12:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\PUTTY.RND
[2012/03/22 18:07:39 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\mack\gncontent.cch
[2012/02/14 16:44:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 21:31:51 | 000,253,670 | ---- | C] () -- C:\Documents and Settings\mack\la-bulletin-electr-sta-oper-2012
[2012/02/13 21:29:58 | 000,553,528 | ---- | C] () -- C:\Documents and Settings\mack\la-pers-application-electr-sta-oper-2009
[2012/01/03 15:40:50 | 000,232,950 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/01/03 15:40:50 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2011/12/18 20:18:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/12/18 20:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Plug-Ins
[2011/12/18 20:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Plug-In Settings
[2011/12/18 20:10:15 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/12/18 20:10:15 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/12/18 20:10:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Plants
[2011/12/18 20:10:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/12/18 20:06:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/18 20:04:24 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 21:26:54 | 000,001,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2011/10/31 21:26:52 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/10/31 21:26:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/30 01:12:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/29 20:24:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 20:17:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/28 19:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/28 19:53:42 | 000,558,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/19 02:26:20 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 02:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 02:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/25 23:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2011/10/31 18:56:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/09/05 06:56:22 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/14 05:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 06:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 22:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 23:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: SERVICES  >
[2011/11/13 20:31:59 | 000,000,094 | --S- | M] () MD5=0398C73EDA82CD1F1DFB17A389D0AEAB -- C:\cygwin\etc\services
[2008/04/14 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
[2013/03/06 12:09:36 | 002,537,631 | ---- | M] () MD5=D167E6B3E0C8C75AEA6CF7EC71FED8BD -- C:\Program Files\Wireshark\services
 
< MD5 for: SERVICES.CFG  >
[2012/12/18 07:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2011/11/19 14:32:43 | 000,001,602 | ---- | M] () MD5=20A25E17F913E9217416DA6C03C35E7D -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2008/04/14 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.RDB  >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2008/04/14 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
 
< End of report >
 

OTL Extras logfile created on: 4/2/2013 10:57:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 76.13% Memory free
3.83 Gb Paging File | 3.29 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.40 Gb Free Space | 36.51% Space Free | Partition Type: NTFS
 
Computer Name: MAINE | User Name: mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- (IceChat Networks)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\gnucash\bin\gnucash.exe" = C:\Program Files\gnucash\bin\gnucash.exe:*:Enabled:GnuCash Free Finance Manager -- ()
"C:\Program Files\gnucash\bin\gconfd-2.exe" = C:\Program Files\gnucash\bin\gconfd-2.exe:*:Enabled:GConf Settings Manager -- ()
"C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\xOpera\opera.exe" = C:\Program Files\xOpera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\mack\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\mack\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Maxthon\bin\Maxthon.exe" = C:\Program Files\Maxthon\bin\Maxthon.exe:*:Enabled:Maxthon -- (Maxthon International ltd.)
"C:\Program Files\Maxthon\bin\MxUp.exe" = C:\Program Files\Maxthon\bin\MxUp.exe:*:Enabled:MxUp -- (Maxthon International ltd.)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\mack\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2
"{0FE71BBF-15E0-4762-A595-4ECE0E09A54F}" = Pimlical
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{74A9AB17-2803-4E2E-9ABB-26A3A876A210}" = OneClickdigital Media Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FDEDFA3-C1F2-4A8D-8727-7759D4C433E4}" = Oracle VM VirtualBox 4.2.6
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Array SSL VPN8,4,6,67" = Array Networks SSL VPN Client 8,4,6,67 (Array Networks)
"Audacity_is1" = Audacity 2.0.2
"AVG" = AVG 2013
"Creative Centrale" = Creative Centrale
"Digital Editions" = Adobe Digital Editions
"EAGLE 6.2.0" = EAGLE 6.2.0
"Ema Personal Wiki" = Ema Personal Wiki
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"GIMP-2_is1" = GIMP 2.8.4
"GnuCash_is1" = GnuCash 2.4.10
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"IceChat_is1" = IceChat 7.70 (Build 20101031)
"ie8" = Windows Internet Explorer 8
"InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Logitech Vid" = Logitech Vid HD
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 12.14.1738" = Opera 12.14
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"PuTTY_is1" = PuTTY version 0.62
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Shop for HP Supplies" = Shop for HP Supplies
"StarCalc" = StarCalc 5.73
"TCP Traceroute_is1" = TCP Traceroute 1.0
"Tux Paint_is1" = Tux Paint 0.9.21c
"VLC media player" = VLC media player 2.0.5
"VMware_Player" = VMware Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.6 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENMXUG" = Creative ZEN MX Documentation
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-299502267-1085031214-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = LoaderClient | ID = 65535
Description = 
 
Error - 3/12/2013 1:38:59 AM | Computer Name = MAINE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.1.0.129, faulting module
 kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.
 
Error - 3/15/2013 10:37:37 AM | Computer Name = MAINE | Source = ESENT | ID = 490
Description = svchost (608) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 3/15/2013 10:37:37 AM | Computer Name = MAINE | Source = ESENT | ID = 470
Description = Catalog Database (608) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
 is partially attached. Attachment stage: 3. Error: -1032.
 
Error - 3/24/2013 9:38:56 PM | Computer Name = MAINE | Source = Application Error | ID = 1000
Description = Faulting application ielogic.exe, version 6.11.2.104, faulting module
 prxtbwhit.dll, version 6.11.2.104, fault address 0x000026c0.
 
Error - 3/28/2013 3:14:36 PM | Computer Name = MAINE | Source = CltMngSvc | ID = 1000
Description = 
 
[ System Events ]
Error - 3/31/2013 8:13:41 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 4/1/2013 11:22:31 AM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 11:22:31 AM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 11:22:31 AM | Computer Name = MAINE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 4/1/2013 3:35:34 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 3:35:34 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 3:35:34 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 4/1/2013 8:09:52 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 8:09:52 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 8:09:52 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
 
< End of report >

OTL Extras logfile created on: 4/2/2013 10:57:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 76.13% Memory free
3.83 Gb Paging File | 3.29 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.40 Gb Free Space | 36.51% Space Free | Partition Type: NTFS
 
Computer Name: MAINE | User Name: mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- (IceChat Networks)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\gnucash\bin\gnucash.exe" = C:\Program Files\gnucash\bin\gnucash.exe:*:Enabled:GnuCash Free Finance Manager -- ()
"C:\Program Files\gnucash\bin\gconfd-2.exe" = C:\Program Files\gnucash\bin\gconfd-2.exe:*:Enabled:GConf Settings Manager -- ()
"C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\xOpera\opera.exe" = C:\Program Files\xOpera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\mack\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\mack\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Maxthon\bin\Maxthon.exe" = C:\Program Files\Maxthon\bin\Maxthon.exe:*:Enabled:Maxthon -- (Maxthon International ltd.)
"C:\Program Files\Maxthon\bin\MxUp.exe" = C:\Program Files\Maxthon\bin\MxUp.exe:*:Enabled:MxUp -- (Maxthon International ltd.)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\mack\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2
"{0FE71BBF-15E0-4762-A595-4ECE0E09A54F}" = Pimlical
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{74A9AB17-2803-4E2E-9ABB-26A3A876A210}" = OneClickdigital Media Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FDEDFA3-C1F2-4A8D-8727-7759D4C433E4}" = Oracle VM VirtualBox 4.2.6
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Array SSL VPN8,4,6,67" = Array Networks SSL VPN Client 8,4,6,67 (Array Networks)
"Audacity_is1" = Audacity 2.0.2
"AVG" = AVG 2013
"Creative Centrale" = Creative Centrale
"Digital Editions" = Adobe Digital Editions
"EAGLE 6.2.0" = EAGLE 6.2.0
"Ema Personal Wiki" = Ema Personal Wiki
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"GIMP-2_is1" = GIMP 2.8.4
"GnuCash_is1" = GnuCash 2.4.10
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"IceChat_is1" = IceChat 7.70 (Build 20101031)
"ie8" = Windows Internet Explorer 8
"InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Logitech Vid" = Logitech Vid HD
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 12.14.1738" = Opera 12.14
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"PuTTY_is1" = PuTTY version 0.62
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Shop for HP Supplies" = Shop for HP Supplies
"StarCalc" = StarCalc 5.73
"TCP Traceroute_is1" = TCP Traceroute 1.0
"Tux Paint_is1" = Tux Paint 0.9.21c
"VLC media player" = VLC media player 2.0.5
"VMware_Player" = VMware Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.6 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENMXUG" = Creative ZEN MX Documentation
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-299502267-1085031214-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = Mediprime | ID = 65535
Description = 
 
Error - 3/8/2013 2:00:05 PM | Computer Name = MAINE | Source = LoaderClient | ID = 65535
Description = 
 
Error - 3/12/2013 1:38:59 AM | Computer Name = MAINE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.1.0.129, faulting module
 kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.
 
Error - 3/15/2013 10:37:37 AM | Computer Name = MAINE | Source = ESENT | ID = 490
Description = svchost (608) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 3/15/2013 10:37:37 AM | Computer Name = MAINE | Source = ESENT | ID = 470
Description = Catalog Database (608) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
 is partially attached. Attachment stage: 3. Error: -1032.
 
Error - 3/24/2013 9:38:56 PM | Computer Name = MAINE | Source = Application Error | ID = 1000
Description = Faulting application ielogic.exe, version 6.11.2.104, faulting module
 prxtbwhit.dll, version 6.11.2.104, fault address 0x000026c0.
 
Error - 3/28/2013 3:14:36 PM | Computer Name = MAINE | Source = CltMngSvc | ID = 1000
Description = 
 
[ System Events ]
Error - 3/31/2013 8:13:41 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 4/1/2013 11:22:31 AM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 11:22:31 AM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 11:22:31 AM | Computer Name = MAINE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 4/1/2013 3:35:34 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 3:35:34 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 3:35:34 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 4/1/2013 8:09:52 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 8:09:52 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 4/1/2013 8:09:52 PM | Computer Name = MAINE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
 
< End of report >
 


#9 nasdaq

  • Malware Response Team

Posted 03 April 2013 - 08:11 AM

Run OTL - Double-click OTL.exe to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2011/06/25 23:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
IE - HKU\S-1-5-21-299502267-1085031214-1177238915-1003\..\SearchScopes\{AF5B51E0-FCD9-464D-ADFA-DDE039DE2D69}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUSUS&apn_uid=10e6c54b-e2c4-47c2-9aca-8088ec2206f8&apn_sauid=702AC8CD-5186-4387-B544-E2F6AF1333AC
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.9.3
[2013/03/25 08:55:29 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\searchplugins\whitesmoke-new-customized-web-search.xml
[2013/03/08 22:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/08 22:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Can you now get a DDS or ComboFix log for my review?
Let me know what other problem remains.

#10 mainemack

  • Topic Starter


Posted 03 April 2013 - 11:45 AM

After following your instructions, dds.com still hangs for about 12 minutes before I force a restart.  Logs pasted below.

 

========== OTL ==========
Service vToolbarUpdater14.2.0 stopped successfully!
Service vToolbarUpdater14.2.0 deleted successfully!
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe not found.
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service VBoxNetFlt stopped successfully!
Service VBoxNetFlt deleted successfully!
File system32\DRIVERS\VBoxNetFlt.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Registry key HKEY_USERS\S-1-5-21-299502267-1085031214-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AF5B51E0-FCD9-464D-ADFA-DDE039DE2D69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF5B51E0-FCD9-464D-ADFA-DDE039DE2D69}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 removed from extensions.enabledAddons
Prefs.js: firefox@ghostery.com:2.9.3 removed from extensions.enabledAddons
C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\searchplugins\whitesmoke-new-customized-web-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 04032013_084343
 

OTL logfile created on: 4/3/2013 9:16:08 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\mack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 68.87% Memory free
3.83 Gb Paging File | 3.23 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 20.28 Gb Free Space | 36.28% Space Free | Partition Type: NTFS
 
Computer Name: MAINE | User Name: mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/02 10:56:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mack\Desktop\OTL.exe
PRC - [2013/03/07 15:04:12 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/16 20:58:40 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/19 16:12:12 | 000,403,992 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe
PRC - [2012/12/19 16:11:26 | 000,309,784 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 14:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/09 20:30:38 | 000,334,488 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2012/06/09 20:30:34 | 000,113,304 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012/06/09 20:30:08 | 000,064,152 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2012/06/09 20:29:46 | 000,404,120 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2012/06/09 19:30:12 | 000,539,288 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/02/10 12:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2008/08/12 20:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/08/02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/09 20:30:50 | 000,068,760 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2012/06/09 20:30:14 | 000,970,392 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2006/08/02 00:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 00:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/03/12 19:59:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 22:50:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/07 15:04:12 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 16:12:12 | 000,403,992 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Common\8,4,6,67\arr_isrv.exe -- (Array_Utility_Service8.4.6.67)
SRV - [2012/12/19 16:11:26 | 000,309,784 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Array SSL VPN\8,4,6,67\arr_srvs.exe -- (ArraySSL_VPN_Service8.4.6.67)
SRV - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/06/09 20:30:38 | 000,334,488 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 20:30:34 | 000,113,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/06/09 20:29:46 | 000,404,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 19:30:12 | 000,539,288 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/02/10 12:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008/05/21 04:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/02/18 12:52:16 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/19 16:36:24 | 000,188,328 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/12/19 16:35:16 | 000,094,632 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/26 20:03:06 | 000,104,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 04:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 04:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 04:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 04:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 04:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/06/09 20:31:08 | 000,854,296 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/06/09 20:31:06 | 000,070,808 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2012/06/09 20:30:58 | 000,023,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2012/06/09 20:29:26 | 000,024,728 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012/06/09 20:28:40 | 000,032,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/06/09 20:28:36 | 000,026,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/06/09 19:30:06 | 000,032,408 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/06/09 17:06:56 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/01/17 23:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/17 23:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/17 23:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/19 15:11:58 | 000,082,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/19 14:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/04 12:15:14 | 000,016,256 | ---- | M] (Array Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atpdrvr.sys -- (ATP)
DRV - [2008/09/25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008/08/28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/09/04 02:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/05/09 17:27:24 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.30
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.6.0.11664
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mack\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\mack\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mack\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mack\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mack\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/11 16:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}: C:\Program Files\CoolPic - Fun Social Pictures\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}: C:\Program Files\WBC Engine\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/28 12:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/11 16:33:45 | 000,000,000 | ---D | M]
 
[2013/03/27 09:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mack\Application Data\Mozilla\Extensions
[2013/03/28 12:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\extensions
[2013/03/24 06:55:07 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/03/21 07:42:37 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\mack\Application Data\Mozilla\Firefox\Profiles\5du8myzm.default\extensions\firefox@ghostery.com
[2013/04/03 08:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 22:49:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/06/24 20:46:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/07 07:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 07:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 07:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ghostery = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\mack\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
 
O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{626C2F94-0688-4AE3-AA90-B52517776B87}: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACBA8920-9A0B-4CB2-80E1-EEB10AE7CCB4}: NameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/29 20:21:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bc373801-7005-11e2-96bb-000e7b45faa5}\Shell - "" = AutoRun
O33 - MountPoints2\{bc373801-7005-11e2-96bb-000e7b45faa5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc373801-7005-11e2-96bb-000e7b45faa5}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/03 08:43:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/02 10:56:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mack\Desktop\OTL.exe
[2013/04/02 10:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Desktop\JavaRa
[2013/04/01 12:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Desktop\RK_Quarantine
[2013/03/31 17:14:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/03/31 12:26:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/31 12:23:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/31 12:23:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/31 12:23:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/31 12:23:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/31 12:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/31 12:22:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/31 12:19:18 | 005,045,447 | R--- | C] (Swearware) -- C:\Documents and Settings\mack\Desktop\ComboFix.exe
[2013/03/29 04:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Desktop\malware
[2013/03/29 04:04:21 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\mack\Desktop\aswMBR.exe
[2013/03/29 03:51:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/03/29 03:27:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/03/29 03:26:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\mack\Desktop\dds.com
[2013/03/28 13:29:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mack\Desktop\TDSSKiller.exe
[2013/03/28 12:23:47 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\mack\Desktop\olddds.scr
[2013/03/28 11:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\AppData
[2013/03/24 18:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\CoolPic - Fun Social Pictures
[2013/03/15 21:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\Local Settings\Application Data\Array NetWorks
[2013/03/15 21:00:33 | 000,016,256 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\drivers\atpdrvr.sys
[2013/03/15 21:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Array Networks
[2013/03/15 21:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Array Networks
[2013/03/15 21:00:10 | 000,301,592 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\ArrayApi.dll
[2013/03/15 21:00:10 | 000,158,232 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_launch.exe
[2013/03/15 21:00:10 | 000,090,112 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_ndjni.dll
[2013/03/15 21:00:10 | 000,080,408 | ---- | C] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_getp.exe
[2013/03/14 20:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mack\My Documents\traffic citation
[2013/03/08 22:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/03/08 22:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/08 09:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/03 09:03:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 08:59:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/03 08:52:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/03 08:52:11 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/03 08:52:10 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On mack Logon.job
[2013/04/03 08:52:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/04/03 08:51:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/03 08:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003UA.job
[2013/04/02 20:45:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003Core.job
[2013/04/02 10:56:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mack\Desktop\OTL.exe
[2013/04/02 10:51:59 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\JavaRa.zip
[2013/04/01 12:38:12 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\RogueKiller.exe
[2013/03/31 17:04:46 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\adwcleaner(1).exe
[2013/03/31 17:04:21 | 000,890,798 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\SecurityCheck.exe
[2013/03/31 12:26:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/31 12:22:07 | 005,045,447 | R--- | M] (Swearware) -- C:\Documents and Settings\mack\Desktop\ComboFix.exe
[2013/03/29 23:48:45 | 000,024,456 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\crbc040409.gif
[2013/03/29 06:08:26 | 002,522,504 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\avg_rem_zeroaccess_all_1_798.exe
[2013/03/29 04:45:59 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\mack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/29 04:31:14 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\AdwCleaner.exe
[2013/03/29 04:05:43 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\mack\Desktop\aswMBR.exe
[2013/03/29 03:26:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\mack\Desktop\dds.com
[2013/03/28 12:23:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\mack\Desktop\olddds.scr
[2013/03/28 12:15:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/28 11:05:06 | 000,015,137 | ---- | M] () -- C:\Documents and Settings\mack\My Documents\ebay_selling for others.ods
[2013/03/26 18:27:42 | 000,013,403 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\calm.jpg
[2013/03/25 22:28:36 | 000,008,807 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\red.jpg
[2013/03/25 17:04:11 | 000,011,719 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\v wishlist.ods
[2013/03/25 14:41:32 | 000,054,141 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\409_sexy-cake.jpg
[2013/03/25 14:40:09 | 000,120,611 | ---- | M] () -- C:\Documents and Settings\mack\Desktop\Blue-A-Sexy-Kind-Of-Invite--Calling-all-Bachelorettes--amp--Single-Lady-Invites.jpg
[2013/03/24 18:41:16 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\mack\ntuser.pol
[2013/03/21 21:27:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/18 17:51:08 | 000,741,989 | ---- | M] () -- C:\Documents and Settings\mack\My Documents\DSCN3498.JPG
[2013/03/15 21:00:10 | 000,301,592 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\ArrayApi.dll
[2013/03/15 21:00:10 | 000,158,232 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_launch.exe
[2013/03/15 21:00:10 | 000,090,112 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_ndjni.dll
[2013/03/15 21:00:10 | 000,080,408 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\System32\arr_getp.exe
[2013/03/13 03:30:09 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/13 03:30:09 | 000,086,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/13 03:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/09 10:36:43 | 000,012,564 | ---- | M] () -- C:\Documents and Settings\mack\My Documents\patricia.ods
[2013/03/08 22:57:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/08 22:55:01 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/03/08 22:54:32 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/08 09:13:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/02 10:51:59 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\JavaRa.zip
[2013/04/01 12:38:11 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\RogueKiller.exe
[2013/03/31 17:04:46 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\adwcleaner(1).exe
[2013/03/31 17:04:20 | 000,890,798 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\SecurityCheck.exe
[2013/03/31 12:26:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/31 12:26:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/31 12:23:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/31 12:23:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/31 12:23:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/31 12:23:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/31 12:23:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/29 23:48:44 | 000,024,456 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\crbc040409.gif
[2013/03/29 06:08:23 | 002,522,504 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\avg_rem_zeroaccess_all_1_798.exe
[2013/03/29 04:31:14 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\AdwCleaner.exe
[2013/03/28 12:15:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/28 12:15:44 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\mack\Start Menu\Programs\Internet Explorer.lnk
[2013/03/26 18:27:42 | 000,013,403 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\calm.jpg
[2013/03/25 22:28:35 | 000,008,807 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\red.jpg
[2013/03/25 14:41:31 | 000,054,141 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\409_sexy-cake.jpg
[2013/03/25 14:40:07 | 000,120,611 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\Blue-A-Sexy-Kind-Of-Invite--Calling-all-Bachelorettes--amp--Single-Lady-Invites.jpg
[2013/03/24 18:41:14 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\mack\ntuser.pol
[2013/03/24 08:08:33 | 000,741,989 | ---- | C] () -- C:\Documents and Settings\mack\My Documents\DSCN3498.JPG
[2013/03/24 07:15:26 | 000,011,719 | ---- | C] () -- C:\Documents and Settings\mack\Desktop\v wishlist.ods
[2013/03/14 15:33:20 | 000,015,137 | ---- | C] () -- C:\Documents and Settings\mack\My Documents\ebay_selling for others.ods
[2013/03/08 22:55:01 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/03/08 22:55:01 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/03/06 21:40:31 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003UA.job
[2013/03/06 21:40:30 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-1177238915-1003Core.job
[2013/03/03 05:25:58 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\recently-used.xbel
[2013/01/11 21:33:17 | 000,231,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/29 23:13:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Repeat Routines
[2012/10/29 23:13:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Project Templates
[2012/10/29 23:13:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/08/30 13:55:49 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2012/08/30 12:00:26 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\dt.dat
[2012/06/24 22:13:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pop Flute
[2012/06/24 22:11:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pop Kit
[2012/06/24 22:11:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Podcasting
[2012/06/24 22:10:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2012/06/24 22:10:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2012/05/19 11:31:12 | 000,003,463 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120519113112.gnucash
[2012/05/19 11:28:10 | 000,003,303 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120519112810.gnucash
[2012/05/18 13:03:59 | 000,002,768 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120518130359.gnucash
[2012/05/18 12:37:11 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120518123711.gnucash
[2012/05/18 10:55:27 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120518105527.gnucash
[2012/05/17 10:00:44 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517100044.gnucash
[2012/05/17 09:59:29 | 000,002,339 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517095929.gnucash
[2012/05/17 09:48:03 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517094803.gnucash
[2012/05/17 09:21:39 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517092139.gnucash
[2012/05/17 09:00:38 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517090038.gnucash
[2012/05/17 08:52:19 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash.20120517085219.gnucash
[2012/05/17 08:46:36 | 000,003,482 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\gnucash-mack.gnucash
[2012/03/28 14:12:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\PUTTY.RND
[2012/03/22 18:07:39 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\mack\gncontent.cch
[2012/02/14 16:44:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 21:31:51 | 000,253,670 | ---- | C] () -- C:\Documents and Settings\mack\la-bulletin-electr-sta-oper-2012
[2012/02/13 21:29:58 | 000,553,528 | ---- | C] () -- C:\Documents and Settings\mack\la-pers-application-electr-sta-oper-2009
[2012/01/03 15:40:50 | 000,232,950 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2012/01/03 15:40:50 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2011/12/18 20:18:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/12/18 20:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Plug-Ins
[2011/12/18 20:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Plug-In Settings
[2011/12/18 20:10:15 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/12/18 20:10:15 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/12/18 20:10:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mack\Application Data\Plants
[2011/12/18 20:10:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/12/18 20:06:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/18 20:04:24 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\mack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 21:26:54 | 000,001,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2011/10/31 21:26:52 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/10/31 21:26:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/30 01:12:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/29 20:24:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 20:17:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/28 19:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/28 19:53:42 | 000,558,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/19 02:26:20 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 02:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 02:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/25 23:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2011/10/31 18:56:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/09/05 06:56:22 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/16 19:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/01/16 19:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/10/29 23:22:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/29 23:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2012/06/24 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Image Units
[2012/06/24 22:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Services
[2012/06/15 19:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/06/24 22:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keyboard Layouts
[2013/04/03 08:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/18 20:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/10/29 23:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sci-Fi
[2011/11/08 23:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2013/04/03 09:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/29 23:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/12/04 21:43:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2011/12/04 21:43:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
[2011/12/22 20:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Amazon
[2012/09/04 11:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Arduino
[2012/12/01 13:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Audacity
[2012/05/11 14:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\AVG
[2013/01/16 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\AVG2013
[2012/09/06 12:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\CadSoft
[2013/03/29 03:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Dropbox
[2012/02/29 15:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\IceChat
[2012/06/07 11:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\KeePass
[2011/11/08 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Leadertech
[2012/12/26 19:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Maxthon3
[2011/12/04 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Mp3tag
[2012/01/11 19:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Nikon
[2012/02/06 21:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\OpenOffice.org
[2012/11/16 00:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Opera
[2012/02/29 14:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\OverDrive
[2012/02/14 22:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\PIM
[2012/08/28 02:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Pimlico
[2011/10/31 20:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Skinux
[2013/01/16 19:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\TuneUp Software
[2013/01/27 20:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\TuxPaint
[2013/03/30 04:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mack\Application Data\Wireshark
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 April 2013 - 12:12 PM

Only execute this if you still have some problems with the computer.

Delete your version of ComboFix
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
  • ===

    Restart the computer normally.

    Download ComboFix from any of the links below but rename it to mainemack.exe before saving it to your desktop. <- Important.

    Link 1
    Link 2
    ==================================
    • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      Double click on the renamed ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Do not mouse click ComboFix's window while it's running. That may cause it to stall.
    ====


#12 mainemack

mainemack
  • Topic Starter

  • Members
  • 28 posts

Posted 03 April 2013 - 08:12 PM

Thank you.  Yes, problems continue, cannot execute dds or combofix.

 

Followed instructions.  Newly installed renamed combofix hung for about 20 mins before forced restart of computer.

 

Uninstalled Secunia PSI just in case it's interfering with something, and ran dds.com, which hung for about 15 mins before forced restart of computer.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 April 2013 - 07:43 AM

Other than not being able to run these tools, what is the problem with this computer?

#14 mainemack

mainemack
  • Topic Starter

  • Members
  • 28 posts

Posted 04 April 2013 - 07:47 AM

That's the sole problem, that dds and combofix won't execute.  I'm concerned it's evidence of a well-concealed attack.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 April 2013 - 08:34 AM

I suspect that your AVG virus protection software is the culprit.
To test it you will have to remove AVG completely.

Run this tool for now.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.




