
Solved: Windows Vista freezing

Discussion in 'Malware and Virus Removal Archive' started by thomaswest, 2012/11/17.

  1. 2012/11/17
    thomaswest, Thread Starter
    [Resolved] Windows Vista freezing

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.16.11

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.16497
    West Family :: KATHERINE-PC [limited]

    Protection: Enabled

    17/11/2012 08:02:18
    mbam-log-2012-11-17 (08-02-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 169969
    Time elapsed: 7 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 11
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> N

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-17 08:11:00
    -----------------------------
    08:11:00.804 OS Version: Windows 6.0.6002 Service Pack 2, v.113
    08:11:00.804 Number of processors: 2 586 0xF02
    08:11:00.806 ComputerName: KATHERINE-PC UserName: Katherine
    08:11:03.892 Initialize success
    08:11:17.408 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    08:11:17.411 Disk 0 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
    08:11:17.439 Disk 0 MBR read successfully
    08:11:17.442 Disk 0 MBR scan
    08:11:17.444 Disk 0 Windows VISTA default MBR code
    08:11:17.457 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1302 MB offset 63
    08:11:17.467 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 475635 MB offset 2666790
    08:11:17.473 Disk 0 scanning sectors +976768065
    08:11:17.528 Disk 0 scanning C:\Windows\system32\drivers
    08:11:22.803 Service scanning
    08:11:33.997 Modules scanning
    08:11:39.844 Disk 0 trace - called modules:
    08:11:39.871 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
    08:11:39.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866a4180]
    08:11:40.208 3 CLASSPNP.SYS[837a63f8] -> nt!IofCallDriver -> [0x859f9918]
    08:11:40.213 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x859f7030]
    08:11:40.219 Scan finished successfully
    08:12:05.937 Disk 0 MBR has been saved successfully to "C:\Users\Katherine\Desktop\MBR.dat"
    08:12:05.944 The log file has been saved successfully to "C:\Users\Katherine\Desktop\aswMBR.txt"

    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Attansic L1 Gigabit Ethernet Driver
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    AVG Security Toolbar
    BabylonObjectInstaller
    Bandicam
    Bandisoft MPEG-1 Decoder
    Cisco EAP-FAST Module
    Cisco LEAP Module
    EPSON Attach To Email
    EPSON Printer Software
    Facebook Video Calling 1.2.0.287
    FilesFrog Update Checker
    Google Chrome
    Google Earth
    Google Update Helper
    HD Writer PE 1.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Intel(R) Graphics Media Accelerator Driver
    Junk Mail filter update
    LEGO Digital Designer
    LG United Mobile Driver
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Word Viewer 97
    Microsoft Works
    MSVCRT
    MSVCRT Redists
    NCETM Maths Resources for Primary NQTs 2008
    Norton Security Scan
    Photo Loader 2.3E
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Driver and Utility
    Registry Mechanic 9.0
    SA30xx Media Converter
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Serif MoviePlus X3
    Skype Toolbars
    Skype™ 5.1
    SMART Essentials for Educators
    Ten PDF Reader 8.1
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Total Video Converter 3.71 100812
    Uniblue SpeedUpMyPC
    Unity Web Player (All users)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vid-Saver
    Video Downloader
    Viewpoint Media Player
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Writer
    YTD Toolbar v6.3
    YTD Video Downloader 3.9
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 7.0.6002.16497
    Run by Katherine at 8:13:23 on 2012-11-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.434 [GMT 0:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG2013\avgfws.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Common Files\aol\1186225301\ee\aolsoftware.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.bearshare.net
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.3\ytdToolbarIE.dll
    uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.3\ytdToolbarIE.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.3\ytdToolbarIE.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [EPSON Stylus Photo R360 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "c:\users\kather~1\appdata\local\temp\E_S41FF.tmp" /EF "HKCU"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [AOL Dialer] c:\program files\common files\aol\acs\AOlDial.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Facebook Update] "c:\users\katherine\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [SDP] c:\program files\filesfrog update checker\update_checker.exe /auto
    uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; WinTSI 12.01.2010)" - "http://www.freeonlinegames.com/nohotlinking/hey_taxi/hey_taxi.html"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [GSISETUP] e:\drivers\voyage~2\setup.exe
    mRun: [Skytel] Skytel.exe
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
    mRun: [HostManager] c:\program files\common files\aol\1186225301\ee\AOLSoftware.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\kather~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\tcbhn.lnk - c:\users\katherine\appdata\roaming\browsercompanion\tcbhn.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.189\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photol~1.lnk - c:\program files\casio\photo loader\Plauto.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: c:\windows\system32\wpclsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A6132015-5796-48B5-B776-16D009021D81} - hxxps://eatm.firstbank.com.tw/firstbank_ie32.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.137.215.15:9024/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{374E3EF4-1BF1-42FB-B6B9-CCCC93AA3BC5} : DHCPNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-30 26984]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-9-19 795072]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-11-2 1340976]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-17 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-17 676936]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-9 583640]
    R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2011-12-10 36864]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-10-30 711112]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-11-21 667648]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01v32.sys [2007-5-22 48128]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-17 22856]
    R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192cu.sys [2011-12-10 602216]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-18 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
    S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2006-11-2 1083520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-11-17 08:01:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-17 08:01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-16 18:54:37 -------- d-----w- c:\users\katherine\appdata\roaming\Malwarebytes
    2012-11-16 18:54:17 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-16 18:41:59 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2012-11-16 15:55:20 -------- d-----w- c:\users\katherine\appdata\roaming\YourFileDownloader
    2012-11-11 18:28:28 -------- d-----w- C:\KP500
    2012-11-11 18:25:18 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2012-11-11 18:25:18 568832 ----a-w- c:\windows\system32\msvcp90.dll
    2012-11-11 18:25:18 224768 ----a-w- c:\windows\system32\msvcm90.dll
    2012-11-11 18:25:10 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2012-11-11 18:25:10 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2012-11-11 18:24:55 -------- d-----w- c:\programdata\LGMOBILEAX
    2012-11-11 18:21:01 -------- d-----w- c:\program files\LG Electronics
    2012-10-31 15:40:22 32120 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-10-31 15:40:21 21880 ----a-w- c:\windows\system32\authuitu.dll
    2012-10-31 15:39:12 -------- d-----w- c:\users\katherine\appdata\roaming\AVG
    2012-10-31 15:38:00 -------- d-----w- c:\programdata\AVG
    2012-10-31 15:37:53 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-30 14:36:39 -------- d-----w- c:\users\katherine\appdata\roaming\AVG2013
    2012-10-30 14:35:08 -------- d-----w- c:\users\katherine\appdata\local\AVG Secure Search
    2012-10-30 14:34:52 -------- d-----w- c:\users\katherine\appdata\roaming\TuneUp Software
    2012-10-30 14:34:45 -------- d-----w- c:\programdata\AVG Secure Search
    2012-10-30 14:34:35 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-30 14:34:32 -------- d-----w- c:\program files\common files\AVG Secure Search
    2012-10-30 14:34:31 -------- d-----w- c:\program files\AVG Secure Search
    2012-10-30 14:31:28 -------- d-----w- c:\programdata\AVG2013
    2012-10-30 14:16:14 -------- d--h--w- c:\programdata\Common Files
    2012-10-30 14:16:14 -------- d-----w- c:\users\katherine\appdata\local\MFAData
    2012-10-30 14:16:14 -------- d-----w- c:\users\katherine\appdata\local\Avg2013
    2012-10-30 14:16:14 -------- d-----w- c:\programdata\MFAData
    2012-10-22 13:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    .
    ==================== Find3M ====================
    .
    2012-10-15 03:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-10-11 16:45:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-11 16:45:39 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-02 03:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 03:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 03:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 03:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-14 03:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-04 10:39:32 50296 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
    2008-10-15 19:47:07 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    ============= FINISH: 8:19:14.09 ===============

    Hi guys, I'm not too sure what I'm doing here, and I'm not too sure if what I have done is even right, but if you could fix it for me that would be great!
    Many thanks
    Tom
     
  2. 2012/11/17
    broni, Moderator, Malware Analyst
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
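broni's point above is that a detection log in which every line ends in "No action taken" records findings, not a clean-up. The following Python is an added example (not from the thread, the poster or Malwarebytes) that parses the MBAM 1.x text-log format posted above and tells a helper whether a log is clean, still needs remediation, or was pasted incomplete; both sample logs are constructed from lines in this thread.

```python
import re
from collections import Counter

# Header of a detection section, e.g. "Registry Keys Detected: 11"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Detected): (?P<count>\d+)$")
# One detection line, e.g. "HKCU\...\{GUID} (PUP.MyWebSearch) -> No action taken."
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[A-Za-z0-9._-]+)\) -> (?P<action>[^.]+)\.$")

# The action recorded in the thread's first log: the item was found but left in place.
NO_ACTION = "No action taken"


def parse_mbam_log(text):
    """Return {section: {"declared": n, "items": [(item, threat, action)], "unparsed": [...]}}.

    A line under a section that does not match DETECTION_RE (for instance a log
    cut off mid-line when it was pasted into a forum post) goes to "unparsed"
    instead of being dropped, so an incomplete log is visible as such.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(
                m.group("name"), {"declared": int(m.group("count")), "items": [], "unparsed": []})
            continue
        if current is None or line == "(No malicious items detected)":
            continue
        d = DETECTION_RE.match(line)
        if d:
            current["items"].append((d.group("item"), d.group("threat"), d.group("action")))
        else:
            current["unparsed"].append(line)
    return sections


def triage(text):
    """Summarise a log: what was found, what is still present, and whether the
    posted log is complete (declared counts versus detection lines present)."""
    sections = parse_mbam_log(text)
    items = [it for s in sections.values() for it in s["items"]]
    report = {
        "declared": sum(s["declared"] for s in sections.values()),
        "listed": len(items),
        "by_action": Counter(action for _, _, action in items),
        "by_family": Counter(threat for _, threat, _ in items),
        "unremediated": [item for item, _, action in items if action == NO_ACTION],
        "incomplete_sections": sorted(
            name for name, s in sections.items()
            if s["declared"] != len(s["items"]) or s["unparsed"]),
    }
    report["clean"] = report["declared"] == 0
    report["needs_rerun"] = bool(report["unremediated"])
    return report


# Constructed sample in the format of the first log in this thread: 11 keys are
# declared but only three complete lines and one cut-off line made it into the post.
FIRST_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
Database version: v2012.11.16.11

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> N
"""

# Constructed sample in the format of the re-run log: items are scheduled for removal.
RERUN_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.
"""

if __name__ == "__main__":
    for name, log in (("first scan", FIRST_LOG), ("re-run", RERUN_LOG)):
        r = triage(log)
        print(f"{name}: {r['listed']}/{r['declared']} detections listed, "
              f"actions={dict(r['by_action'])}, families={dict(r['by_family'])}")
        if r["needs_rerun"]:
            print("  detections were logged but not removed; re-run and fix all issues")
        if r["incomplete_sections"]:
            print("  log appears incomplete in:", ", ".join(r["incomplete_sections"]))
```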

  4. 2012/11/18
    thomaswest, Thread Starter
    Hello broni,
    thank you for responding so quickly, just one question.
    I have recently been using my computer, and since I ran Malwarebytes anti-virus software and removed the bad software, my computer doesn't seem to be freezing anymore. Does this mean that it is fixed, or do I still have to do as you said when you replied to my first thread?

    Thanks
    Tom
     
  5. 2012/11/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  6. 2012/11/19
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    MBAM not working?

    For some reason, when I check all the boxes in the MBAM log and click Remove Selected, the program doesn't respond and closes down...
     
  7. 2012/11/19
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    Hello, I have run the scan again and this time it has worked, but the scan found fewer viruses. I have posted them below along with the results from RogueKiller.
    Thanks


    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.18.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.16497
    West Family :: KATHERINE-PC [limited]

    Protection: Enabled

    19/11/2012 18:56:03
    mbam-log-2012-11-19 (18-56-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 170090
    Time elapsed: 12 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
    C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
    C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.
    C:\Users\West Family\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Quarantined and deleted successfully.
    C:\Users\West Family\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Quarantined and deleted successfully.

    Files Detected: 0
    (No malicious items detected)

    (end)
    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2, v.113) 32 bits version
    Started in : Normal mode
    User : Katherine [Admin rights]
    Mode : Remove -- Date : 11/19/2012 19:26:24

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus Photo R360 Series (C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\KATHER~1\AppData\Local\Temp\E_S41FF.tmp" /EF "HKCU ") -> DELETED
    [RUN][ROGUE ST] HKCU\[...]\Run : SpeedUpMyPC ( "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000 ) -> DELETED
    [STARTUP][SUSP PATH] tcbhn.lnk @Katherine : C:\Users\Katherine\AppData\Roaming\BrowserCompanion\tcbhn.exe -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500630AS ATA Device +++++
    --- User ---
    [MBR] 19e855499f458d45d565132803e0f3bd
    [BSP] 6b92fa84f24b30fb871833dff3b4ac85 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 1302 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2666790 | Size: 475635 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11192012_02d1926.txt >>
    RKreport[1]_S_11192012_02d1925.txt ; RKreport[2]_D_11192012_02d1926.txt
     
  8. 2012/11/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    For whatever reason I can't approve your last post so I'll repost it so it's visible for you...

    Hello, I have run the scan again and this time it has worked, but the scan found fewer viruses. I have posted them below along with the results from RogueKiller.
    Thanks


    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.18.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.16497
    West Family :: KATHERINE-PC [limited]

    Protection: Enabled

    19/11/2012 18:56:03
    mbam-log-2012-11-19 (18-56-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 170090
    Time elapsed: 12 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
    C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
    C:\Users\Katherine\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.
    C:\Users\West Family\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Quarantined and deleted successfully.
    C:\Users\West Family\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Quarantined and deleted successfully.

    Files Detected: 0
    (No malicious items detected)

    (end)
    RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2, v.113) 32 bits version
    Started in : Normal mode
    User : Katherine [Admin rights]
    Mode : Remove -- Date : 11/19/2012 19:26:24

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus Photo R360 Series (C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\Users\KATHER~1\AppData\Local\Temp\E_S41FF.tmp" /EF "HKCU ") -> DELETED
    [RUN][ROGUE ST] HKCU\[...]\Run : SpeedUpMyPC ( "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000 ) -> DELETED
    [STARTUP][SUSP PATH] tcbhn.lnk @Katherine : C:\Users\Katherine\AppData\Roaming\BrowserCompanion\tcbhn.exe -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500630AS ATA Device +++++
    --- User ---
    [MBR] 19e855499f458d45d565132803e0f3bd
    [BSP] 6b92fa84f24b30fb871833dff3b4ac85 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 1302 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2666790 | Size: 475635 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11192012_02d1926.txt >>
    RKreport[1]_S_11192012_02d1925.txt ; RKreport[2]_D_11192012_02d1926.txt
     
  9. 2012/11/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. 2012/11/20
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    Hello
    I have done as you have instructed and downloaded ComboFix and it performed a scan. ComboFix then said that Windows System32 was infected and then said the problem was successfully resolved. Then my computer restarted. When my computer booted back up, ComboFix kept opening up and flashing round the screen so I closed the program using Task Manager. I believe I have done something wrong?
     
  11. 2012/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Combofix.
     
  12. 2012/11/22
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    Hi, here is the ComboFix log. I couldn't fit all the text in the reply and I don't know how to add an attachment on here, so I will just do two separate replies.
    Thanks

    ComboFix 12-11-20.02 - Katherine 20/11/2012 16:28:59.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.871 [GMT 0:00]
    Running from: c:\users\Katherine\Downloads\ComboFix.exe
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Vid-Saver
    c:\program files\Vid-Saver\Uninstall.exe
    c:\program files\Vid-Saver\Vid-Saver-bg.exe
    c:\program files\Vid-Saver\Vid-Saver.exe
    c:\program files\Vid-Saver\Vid-Saver.ico
    c:\program files\Vid-Saver\Vid-Saver.ini
    c:\program files\Vid-Saver\Vid-SaverInstaller.log
    c:\users\Katherine\AppData\Local\Vid-Saver
    c:\users\Katherine\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
    c:\users\Katherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
    c:\users\Katherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
    c:\users\Katherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
    c:\users\Katherine\Desktop\Download programs.url
    c:\users\Katherine\Desktop\Videos.url
    c:\users\Katherine\Favorites\Download programs.url
    c:\users\Katherine\Favorites\Translator.url
    c:\users\Katherine\Favorites\Videos.url
    c:\users\Public\~WRL0602.tmp
    c:\users\Public\~WRL3513.tmp
    c:\users\Public\~WRL3950.tmp
    c:\users\West Family\avg_free_x86_all_2012_1913a4770.exe
    c:\users\West Family\Documents\~WRL3687.tmp
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.16497_none_d0ec1fe3cab1bbd7\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-20 16:38 . 2012-11-21 21:02 -------- d-----w- c:\users\West Family\AppData\Local\temp
    2012-11-20 16:38 . 2012-11-20 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-20 16:38 . 2012-11-22 18:28 -------- d-----w- c:\users\Katherine\AppData\Local\temp
    2012-11-18 14:50 . 2012-11-18 14:54 -------- d-----w- c:\users\Public\peotato gun
    2012-11-18 14:40 . 2012-11-18 14:40 -------- d-----w- c:\users\Katherine\AppData\Local\Serif
    2012-11-17 08:02 . 2012-11-17 08:02 -------- d-----w- c:\users\West Family\AppData\Roaming\Malwarebytes
    2012-11-17 08:01 . 2012-11-17 08:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-17 08:01 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-16 18:54 . 2012-11-16 18:54 -------- d-----w- c:\users\Katherine\AppData\Roaming\Malwarebytes
    2012-11-16 18:54 . 2012-11-16 18:54 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-16 18:41 . 2012-11-16 18:41 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2012-11-16 15:55 . 2012-11-16 15:55 -------- d-----w- c:\users\Katherine\AppData\Roaming\YourFileDownloader
    2012-11-11 18:28 . 2012-11-11 18:28 -------- d-----w- C:\KP500
    2012-11-11 18:25 . 2006-05-04 08:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2012-11-11 18:24 . 2012-11-11 18:25 -------- d-----w- c:\programdata\LGMOBILEAX
    2012-11-11 18:21 . 2012-11-11 18:21 -------- d-----w- c:\program files\LG Electronics
    2012-11-09 15:39 . 2012-11-09 15:39 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-11-08 16:38 . 2012-11-08 16:38 -------- d-----w- c:\users\West Family\AppData\Local\Downloaded Installations
    2012-11-08 16:36 . 2012-11-08 16:36 -------- d-----w- c:\users\West Family\AppData\Roaming\TomTom
    2012-11-08 16:36 . 2012-11-08 16:36 -------- d-----w- c:\users\West Family\AppData\Local\TomTom
    2012-10-31 15:46 . 2012-10-31 15:46 -------- d-----w- c:\users\West Family\AppData\Roaming\AVG
    2012-10-31 15:40 . 2012-08-23 11:31 21880 ----a-w- c:\windows\system32\authuitu.dll
    2012-10-31 15:39 . 2012-10-31 15:39 -------- d-----w- c:\users\Katherine\AppData\Roaming\AVG
    2012-10-31 15:38 . 2012-10-31 15:40 -------- d-----w- c:\programdata\AVG
    2012-10-31 15:37 . 2012-10-31 15:37 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-31 15:30 . 2012-11-01 16:18 -------- d-----w- c:\users\West Family\AppData\Roaming\TuneUp Software
    2012-10-30 17:51 . 2012-10-30 17:51 -------- d-----w- c:\users\West Family\AppData\Local\AVG Secure Search
    2012-10-30 14:36 . 2012-10-30 14:48 -------- d-----w- c:\users\West Family\AppData\Local\Avg2013
    2012-10-30 14:35 . 2012-10-30 14:35 -------- d-----w- c:\users\Katherine\AppData\Local\AVG Secure Search
    2012-10-30 14:34 . 2012-10-30 14:34 -------- d-----w- c:\users\Katherine\AppData\Roaming\TuneUp Software
    2012-10-30 14:34 . 2012-10-30 18:09 -------- d-----w- c:\programdata\AVG Secure Search
    2012-10-30 14:34 . 2012-10-30 14:34 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-30 14:34 . 2012-11-21 19:08 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-10-30 14:34 . 2012-11-08 16:08 -------- d-----w- c:\program files\AVG Secure Search
    2012-10-30 14:16 . 2012-11-22 18:26 -------- d-----w- c:\programdata\MFAData
    2012-10-30 14:16 . 2012-10-30 14:16 -------- d--h--w- c:\programdata\Common Files
    2012-10-30 14:16 . 2012-10-30 14:16 -------- d-----w- c:\users\Katherine\AppData\Local\MFAData
    2012-10-30 14:16 . 2012-10-30 14:16 -------- d-----w- c:\users\Katherine\AppData\Local\Avg2013
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-22 13:02 . 2012-10-22 13:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-15 03:48 . 2012-10-15 03:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-10-11 16:45 . 2012-07-10 15:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-11 16:45 . 2012-07-10 15:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-05 03:32 . 2012-10-05 03:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 03:30 . 2012-10-02 03:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-21 03:46 . 2012-09-21 03:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 03:46 . 2012-09-21 03:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 03:45 . 2012-09-21 03:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-14 03:05 . 2012-09-14 03:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-04 10:39 . 2012-09-04 10:39 50296 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
    2008-10-15 19:47 . 2008-10-15 19:47 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
     
  13. 2012/11/22
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 16:07 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233} "= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    c:\users\West Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-4-12 308640]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
    Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2007-8-6 229376]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux5 "=wdmaud.drv
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Registry Helper "= "c:\program files\Registry Helper\LaunchRegistryHelper.Exe" "c:\program files\Registry Helper\RegistryHelper.Exe" /boot
    "Disk Cleaner "= "c:\program files\Disk Cleaner\LaunchDiskCleaner.Exe" "c:\program files\Disk Cleaner\DiskCleaner.Exe" /boot
    "Logitech Vid "= "c:\program files\Logitech\Vid\Vid.exe" -bootmode
    "Logitech Vid HD "= "c:\program files\Logitech\Vid\vid.exe" -bootmode
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "= " "
    "FirewallOverride "= " "
    .
    S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 16:45]
    .
    2012-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3426496018-1141303471-428153973-1000Core.job
    - c:\users\Katherine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-26 14:24]
    .
    2012-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3426496018-1141303471-428153973-1000UA.job
    - c:\users\Katherine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-26 14:24]
    .
    2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-14 17:09]
    .
    2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-14 17:09]
    .
    2012-11-14 c:\windows\Tasks\Norton Security Scan for Katherine.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-17 13:12]
    .
    2012-11-22 c:\windows\Tasks\SpeedUpMyPC.job
    - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-08-25 13:27]
    .
    2012-11-22 c:\windows\Tasks\User_Feed_Synchronization-{1FD94130-27B3-4BA3-83E5-93E61898A1DA}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-02 07:33]
    .
    2012-11-21 c:\windows\Tasks\User_Feed_Synchronization-{3C0B3076-D93D-469A-9FDE-BF4819B11EB9}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-02 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.bearshare.net
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {A6132015-5796-48B5-B776-16D009021D81} - hxxps://eatm.firstbank.com.tw/firstbank_ie32.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.137.215.15:9024/activex/AMC.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
    URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-22 18:23
    Windows 6.0.6002 Service Pack 2, v.113 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\3xHybrid]
    "ImagePath "= "system32\DRIVERS\3xHybrid.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
    "ImagePath "= "system32\drivers\acpi.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeARMservice]
    "ImagePath "= "\ "c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
    "ImagePath "= "c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
    "ImagePath "= "\SystemRoot\system32\drivers\adp94xx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
    "ImagePath "= "\SystemRoot\system32\drivers\adpahci.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
    "ImagePath "= "\SystemRoot\system32\drivers\adpu160m.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
    "ImagePath "= "\SystemRoot\system32\drivers\adpu320.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
    "ServiceDll "= "%SystemRoot%\System32\aelupsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
    "ImagePath "= "\SystemRoot\system32\drivers\afd.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
    "ImagePath "= "\SystemRoot\system32\drivers\agp440.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
    "ImagePath "= "\SystemRoot\system32\drivers\djsvs.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
    "ImagePath "= "%SystemRoot%\System32\alg.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
    "ImagePath "= "\SystemRoot\system32\drivers\aliide.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]
    "ImagePath "= "\SystemRoot\system32\drivers\amdagp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
    "ImagePath "= "\SystemRoot\system32\drivers\amdide.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
    "ImagePath "= "\SystemRoot\system32\drivers\amdk7.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
    "ImagePath "= "\SystemRoot\system32\drivers\amdk8.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\anvsnddrv]
    "ImagePath "= "system32\drivers\anvsnddrv.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AOL ACS]
    "ImagePath "= "\ "c:\program files\Common Files\AOL\ACS\AOLAcsd.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
    "ServiceDll "= "%SystemRoot%\System32\appinfo.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Application Updater]
    "ImagePath "= "\ "c:\program files\Application Updater\ApplicationUpdater.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
    "ServiceDll "= "%SystemRoot%\System32\appmgmts.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
    "ImagePath "= "\SystemRoot\system32\drivers\arc.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
    "ImagePath "= "\SystemRoot\system32\drivers\arcsas.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
    "ImagePath "= "system32\DRIVERS\asyncmac.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
    "ImagePath "= "system32\drivers\atapi.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AtcL001]
    "ImagePath "= "system32\DRIVERS\atl01v32.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
    "ServiceDll "= "%SystemRoot%\System32\Audiosrv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]
    "ServiceDll "= "%SystemRoot%\System32\Audiosrv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgfwfd]
    "ImagePath "= "system32\DRIVERS\avgfwd6x.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgfws]
    "ImagePath "= "\ "c:\program files\AVG\AVG2013\avgfws.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent]
    "ImagePath "= "\ "c:\program files\AVG\AVG2013\avgidsagent.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver]
    "ImagePath "= "system32\DRIVERS\avgidsdriverx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHX]
    "ImagePath "= "system32\DRIVERS\avgidshx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim]
    "ImagePath "= "system32\DRIVERS\avgidsshimx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86]
    "ImagePath "= "system32\DRIVERS\avgldx86.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avglogx]
    "ImagePath "= "system32\DRIVERS\avglogx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86]
    "ImagePath "= "system32\DRIVERS\avgmfx86.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86]
    "ImagePath "= "system32\DRIVERS\avgrkx86.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix]
    "ImagePath "= "system32\DRIVERS\avgtdix.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgtp]
    "ImagePath "= "\??\c:\windows\system32\drivers\avgtpx86.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd]
    "ImagePath "= "\ "c:\program files\AVG\AVG2013\avgwdsvc.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
    "MofImagePath "= "system32\drivers\battc.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
    "ServiceDll "= "%SystemRoot%\System32\bfe.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
    "ServiceDll "= "%systemroot%\system32\qmgr.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
    "ImagePath "= "\SystemRoot\system32\drivers\blbdrive.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
    "ImagePath "= "system32\DRIVERS\bowser.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
    "ImagePath "= "\SystemRoot\system32\drivers\brfiltlo.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
    "ImagePath "= "\SystemRoot\system32\drivers\brfiltup.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
    "ServiceDll "= "%SystemRoot%\System32\browser.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
    "ImagePath "= "\SystemRoot\system32\drivers\brserid.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
    "ImagePath "= "\SystemRoot\system32\drivers\brserwdm.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
    "ImagePath "= "\SystemRoot\system32\drivers\brusbmdm.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
    "ImagePath "= "\SystemRoot\system32\drivers\brusbser.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
    "ImagePath "= "\SystemRoot\system32\drivers\bthmodem.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
    "ImagePath "= "\??\c:\users\KATHER~1\AppData\Local\Temp\catchme.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
    "ImagePath "= "system32\DRIVERS\cdfs.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
    "ImagePath "= "system32\DRIVERS\cdrom.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
    "ServiceDll "= "%SystemRoot%\System32\certprop.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
    "ImagePath "= "\SystemRoot\system32\drivers\circlass.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
    "ImagePath "= "System32\CLFS.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
    "ImagePath "= "%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32]
    "ImagePath "= "c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
    "ImagePath "= "\SystemRoot\system32\drivers\cmdide.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
    "ImagePath "= "\SystemRoot\system32\drivers\compbatt.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
    "ImagePath "= "%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
    "ImagePath "= "system32\drivers\crcdisk.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]
    "ImagePath "= "\SystemRoot\system32\drivers\crusoe.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
    "ServiceDll "= "%SystemRoot%\system32\cryptsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
    "ServiceDll "= "%SystemRoot%\system32\rpcss.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
    "ImagePath "= "System32\Drivers\dfsc.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
    "ImagePath "= "%SystemRoot%\system32\DFSR.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
    "ServiceDll "= "%SystemRoot%\system32\dhcpcsvc.dll "
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
    "ImagePath "= "system32\drivers\disk.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
    "ServiceDll "= "%SystemRoot%\System32\dnsrslvr.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
    "ServiceDll "= "%SystemRoot%\System32\dot3svc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
    "ServiceDll "= "%SystemRoot%\system32\dps.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
    "ImagePath "= "system32\drivers\drmkaud.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
    "ImagePath "= "\SystemRoot\System32\drivers\dxgkrnl.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
    "ImagePath "= "system32\DRIVERS\E1G60I32.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
    "ServiceDll "= "%SystemRoot%\System32\eapsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
    "ImagePath "= "System32\drivers\ecache.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehRecvr]
    "ImagePath "= "%systemroot%\ehome\ehRecvr.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehSched]
    "ImagePath "= "%systemroot%\ehome\ehsched.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehstart]
    "ServiceDll "= "%SystemRoot%\ehome\ehstart.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
    "ImagePath "= "\SystemRoot\system32\drivers\elxstor.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
    "ServiceDll "= "%systemroot%\system32\emdmgmt.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
    "ServiceDll "= "%SystemRoot%\System32\wevtsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
    "ServiceDll "= "%systemroot%\system32\es.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
    "ImagePath "= "system32\DRIVERS\fdc.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
    "ServiceDll "= "%SystemRoot%\system32\fdPHost.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
    "ServiceDll "= "%SystemRoot%\system32\fdrespub.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
    "ImagePath "= "system32\drivers\fileinfo.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
    "ImagePath "= "system32\drivers\filetrace.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
    "ImagePath "= "system32\DRIVERS\flpydisk.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
    "ImagePath "= "system32\drivers\fltmgr.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
    "ImagePath "= "%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fssfltr]
    "ImagePath "= "system32\DRIVERS\fssfltr.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fsssvc]
    "ImagePath "= "\ "c:\program files\Windows Live\Family Safety\fsssvc.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
    "ImagePath "= "\SystemRoot\system32\drivers\gagp30kx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GEARAspiWDM]
    "ImagePath "= "system32\DRIVERS\GEARAspiWDM.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
    "ServiceDll "= "%SystemRoot%\System32\gpsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate]
    "ImagePath "= "\ "c:\program files\Google\Update\GoogleUpdate.exe\" /svc "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem]
    "ImagePath "= "\ "c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
    "ImagePath "= "system32\drivers\HdAudio.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
    "ImagePath "= "system32\DRIVERS\HDAudBus.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
    "ImagePath "= "\SystemRoot\system32\drivers\hidbth.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
    "ImagePath "= "\SystemRoot\system32\drivers\hidir.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
    "ServiceDll "= "%SystemRoot%\System32\hidserv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
    "ImagePath "= "system32\DRIVERS\hidusb.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
    "ServiceDLL "= "%SystemRoot%\system32\kmsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
    "ImagePath "= "\SystemRoot\system32\drivers\hpcisss.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
    "ImagePath "= "system32\drivers\HTTP.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
    "ImagePath "= "\SystemRoot\system32\drivers\i2omp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
    "ImagePath "= "system32\DRIVERS\i8042prt.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ialm]
    "ImagePath "= "system32\DRIVERS\igdkmd32.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
    "ImagePath "= "\SystemRoot\system32\drivers\iastorv.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
    "ImagePath "= "\ "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\igfx]
    "ImagePath "= "system32\DRIVERS\igdkmd32.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
    "ImagePath "= "\SystemRoot\system32\drivers\iirsp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
    "ServiceDll "= "%SystemRoot%\System32\ikeext.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService]
    "ImagePath "= "system32\drivers\RTKVHDA.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
    "ImagePath "= "system32\drivers\intelide.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
    "ImagePath "= "system32\DRIVERS\intelppm.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
    "ServiceDll "= "%SystemRoot%\system32\ipbusenum.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
    "ImagePath "= "system32\DRIVERS\ipfltdrv.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
    "ServiceDll "= "%SystemRoot%\System32\iphlpsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
    "ImagePath "= "system32\DRIVERS\ipinip.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
    "ImagePath "= "\SystemRoot\system32\drivers\ipmidrv.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
    "ImagePath "= "system32\DRIVERS\ipnat.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
    "ImagePath "= "system32\drivers\irenum.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
    "ImagePath "= "\SystemRoot\system32\drivers\isapnp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
    "ImagePath "= "system32\DRIVERS\msiscsi.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
    "ImagePath "= "\SystemRoot\system32\drivers\iteatapi.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
    "ImagePath "= "\SystemRoot\system32\drivers\iteraid.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
    "ImagePath "= "system32\DRIVERS\kbdclass.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
    "ImagePath "= "system32\DRIVERS\kbdhid.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
    "ImagePath "= "%SystemRoot%\system32\lsass.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
    "ImagePath "= "System32\Drivers\ksecdd.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
    "ServiceDll "= "%systemroot%\system32\msdtckrm.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
    "ServiceDll "= "%SystemRoot%\System32\srvsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
    "ServiceDll "= "%SystemRoot%\System32\wkssvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
    "ImagePath "= "system32\DRIVERS\lltdio.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
    "ServiceDll "= "%SystemRoot%\System32\lltdsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
    "ServiceDll "= "%SystemRoot%\System32\lmhsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
    .
     
  14. 2012/11/22
    thomaswest

    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
    "ImagePath "= "\SystemRoot\system32\drivers\sisraid2.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
    "ImagePath "= "\SystemRoot\system32\drivers\sisraid4.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
    "ImagePath "= "%SystemRoot%\system32\SLsvc.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
    "ServiceDll "= "%SystemRoot%\system32\SLUINotify.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMARTVHidMini2000x86]
    "ImagePath "= "system32\DRIVERS\SMARTVHidMini2000x86.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
    "ImagePath "= "system32\DRIVERS\smb.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
    "ImagePath "= "%SystemRoot%\System32\snmptrap.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
    "ImagePath "= "%SystemRoot%\System32\spoolsv.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
    "ImagePath "= "System32\DRIVERS\srv.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
    "ImagePath "= "System32\DRIVERS\srv2.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
    "ImagePath "= "System32\DRIVERS\srvnet.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
    "ServiceDll "= "%SystemRoot%\System32\ssdpsrv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
    "ServiceDll "= "%SystemRoot%\system32\sstpsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StillCam]
    "ImagePath "= "system32\DRIVERS\serscan.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
    "ServiceDll "= "%SystemRoot%\System32\wiaservc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
    "ImagePath "= "system32\DRIVERS\swenum.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
    "ServiceDll "= "%Systemroot%\System32\swprv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
    "ImagePath "= "\SystemRoot\system32\drivers\symc8xx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
    "ImagePath "= "\SystemRoot\system32\drivers\sym_hi.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
    "ImagePath "= "\SystemRoot\system32\drivers\sym_u3.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
    "ServiceDll "= "%systemroot%\system32\sysmain.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
    "ServiceDll "= "%SystemRoot%\System32\TabSvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
    "ServiceDll "= "%SystemRoot%\System32\tapisrv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
    "ServiceDll "= "%SystemRoot%\System32\tbssvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
    "ImagePath "= "System32\drivers\tcpip.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
    "ImagePath "= "system32\DRIVERS\tcpip.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
    "ImagePath "= "System32\drivers\tcpipreg.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
    "ImagePath "= "system32\drivers\tdpipe.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
    "ImagePath "= "system32\drivers\tdtcp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
    "ImagePath "= "system32\DRIVERS\tdx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
    "ImagePath "= "system32\DRIVERS\termdd.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
    "ServiceDll "= "%SystemRoot%\System32\termsrv.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
    "ServiceDll "= "%SystemRoot%\system32\shsvcs.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
    "ServiceDll "= "%SystemRoot%\system32\mmcss.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService]
    "ImagePath "= "\ "c:\program files\TomTom HOME 2\TomTomHOMEService.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
    "ServiceDll "= "%SystemRoot%\System32\trkwks.dll "
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
    "ImagePath "= "%SystemRoot%\servicing\TrustedInstaller.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
    "ImagePath "= "System32\DRIVERS\tssecsrv.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.UtilitiesSvc]
    "ImagePath "= "\ "c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUpUtilitiesDrv]
    "ImagePath "= "\??\c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
    "ImagePath "= "system32\DRIVERS\tunmp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
    "ImagePath "= "system32\DRIVERS\tunnel.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
    "ImagePath "= "\SystemRoot\system32\drivers\uagp35.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]
    "ImagePath "= "system32\DRIVERS\udfs.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]
    "ImagePath "= "%SystemRoot%\system32\UI0Detect.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]
    "ImagePath "= "\SystemRoot\system32\drivers\uliagpkx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]
    "ImagePath "= "\SystemRoot\system32\drivers\uliahci.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]
    "ImagePath "= "\SystemRoot\system32\drivers\ulsata.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]
    "ImagePath "= "\SystemRoot\system32\drivers\ulsata2.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]
    "ImagePath "= "system32\DRIVERS\umbus.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
    "ServiceDll "= "%SystemRoot%\System32\upnphost.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio]
    "ImagePath "= "system32\drivers\usbaudio.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
    "ImagePath "= "system32\DRIVERS\usbccgp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]
    "ImagePath "= "\SystemRoot\system32\drivers\usbcir.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
    "ImagePath "= "system32\DRIVERS\usbehci.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
    "ImagePath "= "system32\DRIVERS\usbhub.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
    "ImagePath "= "system32\DRIVERS\usbohci.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
    "ImagePath "= "system32\DRIVERS\usbprint.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
    "ImagePath "= "system32\DRIVERS\USBSTOR.SYS "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
    "ImagePath "= "system32\DRIVERS\usbuhci.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbvideo]
    "ImagePath "= "System32\Drivers\usbvideo.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]
    "ServiceDll "= "%SystemRoot%\System32\uxsms.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]
    "ImagePath "= "%SystemRoot%\System32\vds.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]
    "ImagePath "= "system32\DRIVERS\vgapnp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
    "ImagePath "= "\SystemRoot\System32\drivers\vga.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
    "ImagePath "= "\SystemRoot\system32\drivers\viaagp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7]
    "ImagePath "= "\SystemRoot\system32\drivers\viac7.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]
    "ImagePath "= "\SystemRoot\system32\drivers\viaide.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]
    "ImagePath "= "system32\drivers\volmgr.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]
    "ImagePath "= "System32\drivers\volmgrx.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]
    "ImagePath "= "system32\drivers\volsnap.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]
    "ImagePath "= "\SystemRoot\system32\drivers\vsmraid.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
    "ImagePath "= "%systemroot%\system32\vssvc.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vToolbarUpdater13.2.0]
    "ImagePath "= "c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VXD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
    "ServiceDll "= "%systemroot%\system32\w32time.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]
    "ImagePath "= "\SystemRoot\system32\drivers\wacompen.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
    "ImagePath "= "system32\DRIVERS\wanarp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]
    "ImagePath "= "system32\DRIVERS\wanarp.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wanatw]
    "ImagePath "= "system32\DRIVERS\wanatw4.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]
    "ServiceDll "= "%SystemRoot%\System32\wcncsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]
    "ServiceDll "= "%SystemRoot%\System32\WcsPlugInService.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]
    "ImagePath "= "\SystemRoot\system32\drivers\wd.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]
    "ImagePath "= "system32\drivers\Wdf01000.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]
    "ServiceDll "= "%SystemRoot%\system32\wdi.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]
    "ServiceDll "= "%SystemRoot%\system32\wdi.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
    "ServiceDll "= "%SystemRoot%\System32\webclnt.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]
    "ServiceDll "= "%SystemRoot%\system32\wecsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]
    "ServiceDll "= "%SystemRoot%\System32\wercplsupport.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]
    "ServiceDll "= "%SystemRoot%\System32\WerSvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
    "ServiceDll "= "%ProgramFiles%\Windows Defender\mpsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
    "ServiceDll "= "winhttp.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]
    "ServiceDll "= "%SystemRoot%\system32\wbem\WMIsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]
    "ServiceDll "= "%SystemRoot%\system32\WsmSvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinUsb]
    "ImagePath "= "system32\DRIVERS\WinUSB.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]
    "ServiceDll "= "%SystemRoot%\System32\wlansvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]
    "ImagePath "= "\SystemRoot\system32\drivers\wmiacpi.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]
    "ImagePath "= "%systemroot%\system32\wbem\WmiApSrv.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
    "ImagePath "= "\ "%ProgramFiles%\Windows Media Player\wmpnetwk.exe\" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]
    "ServiceDll "= "%SystemRoot%\System32\wpcsvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]
    "ServiceDll "= "%SystemRoot%\system32\wpdbusenum.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
    "ImagePath "= "system32\DRIVERS\wpdusb.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400]
    "ImagePath "= "c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]
    "ImagePath "= "\SystemRoot\system32\drivers\ws2ifsl.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
    "ImagePath "= "%systemroot%\system32\SearchIndexer.exe /Embedding "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
    "ServiceDll "= "%systemroot%\system32\wuaueng.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]
    "ImagePath "= "system32\DRIVERS\WUDFRd.sys "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]
    "ServiceDll "= "%SystemRoot%\System32\WUDFSvc.dll "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{374E3EF4-1BF1-42FB-B6B9-CCCC93AA3BC5}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{3D5C4CD3-CBBA-4697-A595-5ABA5CFEE320}]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5616)
    c:\program files\Common Files\AOL\ACS\WLHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    **************************************************************************
    .
    Completion time: 2012-11-22 18:37:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-22 18:37
    .
    Pre-Run: 369,169,469,440 bytes free
    Post-Run: 368,096,768,000 bytes free
    .
    - - End Of File - - 45ED9425BFE80045C13B9E8A14125BE9
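As an added illustration, not part of the thread and not ComboFix's own code: a small Python triage script for the "Services" section of a ComboFix log in the format posted above. It pulls each service's ImagePath/ServiceDll value, normalises the dump's quoting, and separates binaries that live under the Windows directory from those outside it (or given as a bare file name), which is a natural first pass when reviewing such a log. The sample entries are constructed from the layout of the posted log; the regexes, the category names and the function names are this example's own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ComboFix "Services" registry dump
# posted in this thread: a few representative entries, not the full log.
# The vToolbarUpdater line keeps the extra spaces the forum rendering put
# around the quotes, to show the parser tolerates both spellings.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Realtek11nSU]
"ImagePath"="c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService]
"ImagePath"="\"c:\program files\TomTom HOME 2\TomTomHOMEService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUpUtilitiesDrv]
"ImagePath"="\??\c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vToolbarUpdater13.2.0]
"ImagePath "= "c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe "
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
.
'''

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d{3}\\Services\\([^\]]+)\]$', re.I)
# "\s*" around the quotes tolerates the forum's  "ImagePath "= "..."  rendering.
VAL_RE = re.compile(r'^"(ImagePath|ServiceDll)\s*"\s*=\s*"(.*)"\s*$', re.I)
# Binary path followed by optional command-line arguments (e.g. " /Embedding").
BINARY_RE = re.compile(r'^(.*?\.(?:exe|sys|dll))(?:\s+.*)?$', re.I)
# Prefixes (lower-cased, leading backslash dropped) that resolve under the Windows directory.
WINDOWS_PREFIXES = ('%systemroot%', '%windir%', 'systemroot\\', 'system32\\', 'c:\\windows\\')


@dataclass
class ServiceBinary:
    service: str
    value: str      # ImagePath or ServiceDll
    path: str       # normalised binary path
    category: str   # windows-dir | outside-windows-dir | bare-name


def normalize(raw):
    """Strip the dump's quoting/escaping and trailing arguments, leaving the binary path."""
    path = re.sub(r'\\?\s*"', '', raw).strip()   # drop \" escapes and stray quotes
    if path.startswith('\\??\\'):                 # NT object-manager prefix some drivers use
        path = path[4:]
    m = BINARY_RE.match(path)
    return m.group(1).strip() if m else path


def classify(path):
    low = path.lower().lstrip('\\')
    if '\\' not in low:
        return 'bare-name'            # resolved via the loader search path; look up separately
    if low.startswith(WINDOWS_PREFIXES):
        return 'windows-dir'
    return 'outside-windows-dir'


def parse_services(dump):
    """Return one ServiceBinary per ImagePath/ServiceDll value found under a Services key."""
    results, service = [], None
    for line in dump.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            service = key.group(1)
            continue
        val = VAL_RE.match(line)
        if val and service:
            path = normalize(val.group(2))
            results.append(ServiceBinary(service, val.group(1), path, classify(path)))
    return results


def review_list(dump):
    """Services whose binary is outside the Windows directory or given as a bare name."""
    return [r.service for r in parse_services(dump) if r.category != 'windows-dir']


if __name__ == '__main__':
    for rec in parse_services(SAMPLE_DUMP):
        print(f'{rec.category:20} {rec.service:24} {rec.path}')
    print('review:', review_list(SAMPLE_DUMP))
```

The review list is a starting point, not a verdict: legitimate third-party software (and, here, Windows Defender under Program Files) lands on it alongside anything suspicious, and each entry still has to be looked up by hand.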
     
  15. 2012/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    How is the computer doing?

    ==========================

    Uninstall McAfee Security Scan Plus and Norton Security Scan, typical foistware.

    ==========================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ===========================

    Uninstall Uniblue SpeedUpMyPC and Registry Mechanic.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ====================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2012/11/23
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    Hello,
    My computer is working swiftly again and I haven't had the system freeze or crash, which is great! Thank you for your help, just shows how much I know about computers...

    # AdwCleaner v2.008 - Logfile created 11/23/2012 at 16:12:30
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2, v.113 (32 bits)
    # User : Katherine - KATHERINE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Katherine\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT340574
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\Software\Web Assistant
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6002.16497

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    Profile name : default
    File : C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\prefs.js

    C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\user.js ... Deleted !

    Deleted : user_pref( "CT2269050.AboutPrivacyUrl ", "hxxp://www.conduit.com/privacy/Default.aspx ");
    Deleted : user_pref( "CT2269050.CTID ", "CT2269050 ");
    Deleted : user_pref( "CT2269050.CurrentServerDate ", "3-4-2011 ");
    Deleted : user_pref( "CT2269050.DialogsAlignMode ", "LTR ");
    Deleted : user_pref( "CT2269050.EMailNotifierPollDate ", "Tue Jan 11 2011 20:10:37 GMT+0000 (GMT Standard Time) "[...]
    Deleted : user_pref( "CT2269050.FirstServerDate ", "4-10-2010 ");
    Deleted : user_pref( "CT2269050.FirstTime ", true);
    Deleted : user_pref( "CT2269050.FixPageNotFoundErrors ", true);
    Deleted : user_pref( "CT2269050.GroupingServerCheckInterval ", 1440);
    Deleted : user_pref( "CT2269050.GroupingServiceUrl ", "hxxp://grouping.services.conduit.com/ ");
    Deleted : user_pref( "CT2269050.Initialize ", true);
    Deleted : user_pref( "CT2269050.InitializeCommonPrefs ", true);
    Deleted : user_pref( "CT2269050.InstalledDate ", "Mon Oct 04 2010 08:46:09 GMT+0100 (GMT Daylight Time) ");
    Deleted : user_pref( "CT2269050.InvalidateCache ", false);
    Deleted : user_pref( "CT2269050.IsGrouping ", false);
    Deleted : user_pref( "CT2269050.IsMulticommunity ", false);
    Deleted : user_pref( "CT2269050.IsOpenThankYouPage ", false);
    Deleted : user_pref( "CT2269050.IsOpenUninstallPage ", false);
    Deleted : user_pref( "CT2269050.LanguagePackLastCheckTime ", "Sun Apr 03 2011 10:16:53 GMT+0100 (GMT Daylight Ti[...]
    Deleted : user_pref( "CT2269050.LanguagePackReloadIntervalMM ", 1440);
    Deleted : user_pref( "CT2269050.LanguagePackServiceUrl ", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref( "CT2269050.LastLogin_2.5.8.6 ", "Sun Apr 03 2011 10:16:54 GMT+0100 (GMT Daylight Time) ");
    Deleted : user_pref( "CT2269050.LatestVersion ", "3.3.3.2 ");
    Deleted : user_pref( "CT2269050.Locale ", "en ");
    Deleted : user_pref( "CT2269050.LoginCache ", 4);
    Deleted : user_pref( "CT2269050.MCDetectTooltipHeight ", "83 ");
    Deleted : user_pref( "CT2269050.MCDetectTooltipUrl ", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1 ");
    Deleted : user_pref( "CT2269050.MCDetectTooltipWidth ", "295 ");
    Deleted : user_pref( "CT2269050.RadioIsPodcast ", false);
    Deleted : user_pref( "CT2269050.RadioLastCheckTime ", "Sun Apr 03 2011 10:16:53 GMT+0100 (GMT Daylight Time) ");
    Deleted : user_pref( "CT2269050.RadioLastUpdateIPServer ", "3 ");
    Deleted : user_pref( "CT2269050.RadioLastUpdateServer ", "129132338014870000 ");
    Deleted : user_pref( "CT2269050.RadioMediaID ", "12473383 ");
    Deleted : user_pref( "CT2269050.RadioMediaType ", "Media Player ");
    Deleted : user_pref( "CT2269050.RadioMenuSelectedID ", "EBRadioMenu_CT226905012473383 ");
    Deleted : user_pref( "CT2269050.RadioStationName ", "Hotmix%20108 ");
    Deleted : user_pref( "CT2269050.RadioStationURL ", "hxxp://67.202.67.18:8082 ");
    Deleted : user_pref( "CT2269050.SHRINK_TOOLBAR ", 1);
    Deleted : user_pref( "CT2269050.SavedHomepage ", "hxxp://go.microsoft.com/fwlink/?LinkId=69157 ");
    Deleted : user_pref( "CT2269050.SearchEngine ", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref( "CT2269050.SearchFromAddressBarIsInit ", true);
    Deleted : user_pref( "CT2269050.SearchFromAddressBarUrl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
    Deleted : user_pref( "CT2269050.SearchInNewTabEnabled ", true);
    Deleted : user_pref( "CT2269050.SearchInNewTabIntervalMM ", 1440);
    Deleted : user_pref( "CT2269050.SearchInNewTabLastCheckTime ", "Sun Apr 03 2011 10:16:53 GMT+0100 (GMT Daylight [...]
    Deleted : user_pref( "CT2269050.SearchInNewTabServiceUrl ", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref( "CT2269050.SearchInNewTabUsageUrl ", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref( "CT2269050.SettingsCheckIntervalMin ", 120);
    Deleted : user_pref( "CT2269050.SettingsLastCheckTime ", "Sun Apr 03 2011 10:16:52 GMT+0100 (GMT Daylight Time) "[...]
    Deleted : user_pref( "CT2269050.SettingsLastUpdate ", "1300785496 ");
    Deleted : user_pref( "CT2269050.ThirdPartyComponentsInterval ", 504);
    Deleted : user_pref( "CT2269050.ThirdPartyComponentsLastCheck ", "Sun Apr 03 2011 10:16:52 GMT+0100 (GMT Dayligh[...]
    Deleted : user_pref( "CT2269050.ThirdPartyComponentsLastUpdate ", "1246790578 ");
    Deleted : user_pref( "CT2269050.TrusteLinkUrl ", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID ");
    Deleted : user_pref( "CT2269050.UserID ", "UN74470477811991756 ");
    Deleted : user_pref( "CT2269050.ValidationData_Toolbar ", 0);
    Deleted : user_pref( "CT2269050.WeatherNetwork ", " ");
    Deleted : user_pref( "CT2269050.WeatherPollDate ", "Sun Apr 03 2011 10:16:54 GMT+0100 (GMT Daylight Time) ");
    Deleted : user_pref( "CT2269050.WeatherUnit ", "C ");
    Deleted : user_pref( "CT2269050.alertChannelId ", "666138 ");
    Deleted : user_pref( "CT2269050.clientLogIsEnabled ", false);
    Deleted : user_pref( "CT2269050.clientLogServiceUrl ", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref( "CT2269050.myStuffEnabled ", true);
    Deleted : user_pref( "CT2269050.myStuffPublihserMinWidth ", 400);
    Deleted : user_pref( "CT2269050.myStuffSearchUrl ", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref( "CT2269050.myStuffServiceIntervalMM ", 1440);
    Deleted : user_pref( "CT2269050.myStuffServiceUrl ", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref( "CT2269050.uninstallLogServiceUrl ", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref( "CommunityToolbar.SearchFromAddressBarSavedUrl ", "hxxp://www.mywebsearch.com/jsp/cfg_redir[...]
    Deleted : user_pref( "CommunityToolbar.ToolbarsList ", "CT2269050 ");
    Deleted : user_pref( "CommunityToolbar.ToolbarsList2 ", "CT2269050 ");
    Deleted : user_pref( "CommunityToolbar.facebook.settingsLastCheckTime ", "Sun Apr 03 2011 10:16:53 GMT+0100 (GMT[...]
    Deleted : user_pref( "CommunityToolbar.keywordURLSelectedCTID ", "CT2269050 ");
    Deleted : user_pref( "browser.search.defaulturl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
    Deleted : user_pref( "browser.startup.homepage ", "hxxp://search.iminent.com/?appId=81d575de-9d19-4e04-b53d-4553[...]
    Deleted : user_pref( "extensions.facemoods.DNSErrUrl ", "hxxp://start.facemoods.com/?a=grupo&f=5 ");
    Deleted : user_pref( "extensions.facemoods.aflt ", "grupo ");
    Deleted : user_pref( "extensions.facemoods.dfltSrch ", true);
    Deleted : user_pref( "extensions.facemoods.dfltSrchPrvdr ", "Facemoods Search ");
    Deleted : user_pref( "extensions.facemoods.dnsErr ", true);
    Deleted : user_pref( "extensions.facemoods.firstRun ", true);
    Deleted : user_pref( "extensions.facemoods.hmpg ", true);
    Deleted : user_pref( "extensions.facemoods.hmpgUrl ", "hxxp://start.facemoods.com/?a=grupo ");
    Deleted : user_pref( "extensions.facemoods.id ", "44d4f56900000000000000a1b08e2bdf ");
    Deleted : user_pref( "extensions.facemoods.instlDay ", "15341 ");
    Deleted : user_pref( "extensions.facemoods.mntz ", " ");
    Deleted : user_pref( "extensions.facemoods.newTab ", true);
    Deleted : user_pref( "extensions.facemoods.newTabUrl ", "hxxp://start.facemoods.com/?a=grupo&f=2 ");
    Deleted : user_pref( "extensions.facemoods.prtnrId ", "facemoods.com ");
    Deleted : user_pref( "extensions.facemoods.searchProviderAdded ", true);
    Deleted : user_pref( "extensions.facemoods.sid ", "b79a0e1fbe284c5cba4c92757ba8aed0 ");
    Deleted : user_pref( "extensions.facemoods.tlbrSrchUrl ", "hxxp://start.facemoods.com/?a=grupo&f=3 ");
    Deleted : user_pref( "extensions.facemoods.vrsn ", "1.4.17.11 ");
    Deleted : user_pref( "extensions.mywebsearch.openSearchURL ", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
    Deleted : user_pref( "extensions.mywebsearch.prevKwdEnabled ", true);
    Deleted : user_pref( "extensions.mywebsearch.prevKwdURL ", "chrome://real-networks-partner/locale/partner.proper[...]
    Deleted : user_pref( "startup.homepage_override_url ", "hxxp://www.ask.com?o=13162&l=null ");
    Deleted : user_pref( "extensions.crossriderapp3491.adsOldValue ", -1);

    Profile name : default
    File : C:\Users\West Family\AppData\Roaming\Mozilla\Firefox\Profiles\3d1lgqwd.default\prefs.js

    Deleted : user_pref( "browser.search.defaultenginename ", "AVG Secure Search ");
    Deleted : user_pref( "browser.search.selectedEngine ", "AVG Secure Search ");
    Deleted : user_pref( "extensions.mywebsearch.openSearchURL ", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
    Deleted : user_pref( "extensions.mywebsearch.prevKwdEnabled ", true);
    Deleted : user_pref( "extensions.mywebsearch.prevKwdURL ", "chrome://real-networks-partner/locale/partner.proper[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Katherine\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\West Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.64] : icon_url = "hxxp://isearch.avg.com/favicon.ico ",
    Deleted [l.67] : keyword = "isearch.avg.com ",
    Deleted [l.70] : search_url = "hxxp://isearch.avg.com/search?cid={348F47F3-B342-4EF8-87B0-421AF9E8EC04}&mid=8b[...]

    *************************

    AdwCleaner[R1].txt - [32277 octets] - [23/11/2012 16:03:22]
    AdwCleaner[R2].txt - [31270 octets] - [23/11/2012 16:10:01]
    AdwCleaner[R3].txt - [31286 octets] - [23/11/2012 16:11:57]
    AdwCleaner[S1].txt - [424 octets] - [23/11/2012 16:07:21]
    AdwCleaner[S2].txt - [383 octets] - [23/11/2012 16:10:12]
    AdwCleaner[S3].txt - [30727 octets] - [23/11/2012 16:12:30]

    ########## EOF - C:\AdwCleaner[S3].txt - [30788 octets] ##########
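The AdwCleaner log above is a flat list of deleted persistence points: IE search scopes, a BHO and toolbar, Low Rights ElevationPolicy entries, a Run value, Chrome extension policy keys, Firefox user.js/prefs.js overrides and a Chrome Preferences search provider. The Python script below is an added example, not part of the thread and not AdwCleaner's own code: it parses lines of that shape, groups the deletions by the mechanism the adware relied on, and pulls the defanged hxxp hosts out as indicators so a log can be summarised instead of read line by line. The embedded SAMPLE_LOG is constructed from a few representative lines, and the mechanism labels and regexes are this example's own assumptions, not AdwCleaner categories.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the shape AdwCleaner writes; not a real log.
SAMPLE_LOG = r"""
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Deleted : user_pref( "browser.startup.homepage ", "hxxp://search.iminent.com/?appId=81d575de ");
Deleted : user_pref( "browser.search.defaulturl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Deleted : user_pref( "extensions.facemoods.hmpgUrl ", "hxxp://start.facemoods.com/?a=grupo ");
Deleted [l.70] : search_url = "hxxp://isearch.avg.com/search?cid={348F47F3-B342-4EF8-87B0-421AF9E8EC04}&mid=8b[...]
[OK] Registry is clean.
"""

# Line shapes handled: "Key Deleted : <path>", "Value Deleted : <path> [<value>]",
# Firefox 'Deleted : user_pref( "<name> ", <value>);' and Chrome "Deleted [l.N] : <field> = <value>".
KEY_RE = re.compile(r'^(Key|Value) Deleted : (?P<path>.+?)(?: \[(?P<value>[^\]]*)\])?$')
PREF_RE = re.compile(r'^Deleted : user_pref\( "(?P<name>[^"]+?)\s*", (?P<value>.*?)(?:\);)?$')
CHROME_RE = re.compile(r'^Deleted \[l\.\d+\] : (?P<field>\w+) = (?P<value>.*)$')
URL_RE = re.compile(r'hxxps?://[^\s"\']+')  # AdwCleaner defangs http as hxxp

# Persistence mechanism per registry path; first match wins, so specific rules go first.
# Labels are this example's own wording (assumption), not AdwCleaner categories.
REGISTRY_RULES = [
    ("IE search scope (search hijack)", r"Internet Explorer\\SearchScopes\\"),
    ("IE browser helper object", r"Explorer\\Browser Helper Objects\\"),
    ("IE toolbar", r"Internet Explorer\\Toolbar"),
    ("IE Low Rights ElevationPolicy (silent escape from Protected Mode)", r"Low Rights\\ElevationPolicy\\"),
    ("IE add-on stats / pre-approved list", r"CurrentVersion\\Ext\\"),
    ("Run key autostart", r"CurrentVersion\\Run(Once)?$"),
    ("Chrome extension install policy", r"Google\\Chrome\\Extensions\\"),
    ("Firefox extension registration", r"Mozilla\\Firefox\\Extensions"),
    ("Active Setup per-user install hook", r"Active Setup\\Installed Components\\"),
    ("COM registration (CLSID/AppID/Interface/TypeLib)", r"Classes\\(CLSID|AppID|Interface|TypeLib|PROTOCOLS)\\"),
    ("Add/Remove Programs entry", r"(Uninstall|ARPCache)\\"),
]
REGISTRY_RULES = [(label, re.compile(p, re.IGNORECASE)) for label, p in REGISTRY_RULES]


def classify_registry(path):
    """Map a deleted registry key/value path to the persistence mechanism it served."""
    for label, rx in REGISTRY_RULES:
        if rx.search(path):
            return label
    return "other registry key"


def classify_pref(name):
    """Map a deleted Firefox preference name to what the adware used it for."""
    hijack = ("browser.search.", "browser.startup.homepage",
              "startup.homepage_override_url", "keyword.URL")
    if name.startswith(hijack):
        return "Firefox search/homepage hijack"
    if name.startswith("extensions."):
        return "Firefox extension preference"
    return "Firefox toolbar preference"  # e.g. Conduit CTnnnnnnn.* and CommunityToolbar.*


def triage(log_text):
    """Return mechanism counts, the set of hxxp hosts seen, and any lines not understood."""
    mechanisms = Counter()
    hosts = set()
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            label = classify_registry(m.group("path"))
        else:
            m = PREF_RE.match(line)
            if m:
                label = classify_pref(m.group("name"))
            elif CHROME_RE.match(line):
                label = "Chrome Preferences search provider"
            else:
                unparsed.append(line)
                continue
        mechanisms[label] += 1
        for url in URL_RE.findall(line):
            # Refang only to parse; the host is what goes on the indicator list.
            host = urlsplit(url.replace("hxxp", "http", 1)).hostname
            if host:
                hosts.add(host)
    return {"mechanisms": mechanisms, "hosts": sorted(hosts), "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label, n in result["mechanisms"].most_common():
        print(f"{n:3d}  {label}")
    print("hosts:", ", ".join(result["hosts"]))
    print("unparsed:", result["unparsed"])
```

Run it against a saved AdwCleaner[S*].txt by passing the file's contents to triage(); lines the parser does not recognise come back in "unparsed" so nothing is silently dropped. The ElevationPolicy rule is worth keeping separate from the other IE keys: those entries let a helper started from the low-integrity IE process run at medium integrity without a prompt, so a leftover one is a stronger signal than a stale search scope.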
     
  17. 2012/11/23
    broni (Moderator Malware Analyst)
    Otl?..
     
  18. 2012/11/24
    thomaswest (Inactive Thread Starter)
    OTL logfile created on: 24/11/2012 15:16:09 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katherine\Downloads
    Windows Vista Home Premium Edition Service Pack 2, v.113 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.16497)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.21% Memory free
    4.22 Gb Paging File | 3.23 Gb Available in Paging File | 76.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 464.49 Gb Total Space | 344.85 Gb Free Space | 74.24% Space Free | Partition Type: NTFS

    Computer Name: KATHERINE-PC | User Name: Katherine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/24 15:15:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katherine\Downloads\OTL.exe
    PRC - [2012/10/30 14:34:02 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/08/28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/08/27 14:24:38 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Katherine\AppData\Local\Facebook\Update\FacebookUpdate.exe
    PRC - [2012/04/04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/07/27 18:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
    PRC - [2010/06/21 14:02:00 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    PRC - [2008/12/02 21:50:54 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/05/10 16:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2006/11/14 14:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1186225301\ee\aolsoftware.exe
    PRC - [2006/11/02 12:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
    PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    PRC - [2004/12/01 14:28:48 | 000,229,376 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - [2012/10/30 14:34:02 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/10/11 16:45:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/04/04 05:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
    DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
    DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
    DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - File not found [Kernel | Disabled | Stop_Pending] -- system32\DRIVERS\avgfwd6x.sys -- (Avgfwfd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv)
    DRV - [2012/10/30 14:34:03 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/07/13 03:14:26 | 000,602,216 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
    DRV - [2010/05/14 21:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2008/10/17 19:33:38 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2006/11/21 18:33:02 | 000,667,648 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
    DRV - [2006/11/16 21:24:54 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001)
    DRV - [2006/11/02 08:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
    DRV - [2006/11/02 07:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/01 20:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
    DRV - [2006/10/18 12:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.aol.co.uk/web?isinit=true&query=%s
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.net
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\SearchScopes\{A2A60FE8-43C1-465A-BF0D-1FC52A6EA45C}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.aol.co.uk/web?isinit=true&query=%s
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={348F47F3-B342-4EF8-87B0-421AF9E8EC04}&mid=8b0e8b0314a747d085b8d14acce4e9e6-53cf2c1e7f3c6eafce8c1252152cd2721bb1746f&lang=en&ds=AVG&pr=pr&d=2012-10-30 14:34:37&v=13.2.0.4&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
    IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Search "
    FF - prefs.js..extensions.enabledAddons: firefox@red-cog.com:2.9
    FF - prefs.js..browser.search.defaultenginename: "Yahoo "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p= "
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811 "
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Katherine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/12/21 14:50:38 | 000,000,000 | ---D | M]

    [2010/04/09 20:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katherine\AppData\Roaming\Mozilla\Extensions
    [2010/04/09 20:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katherine\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/11/23 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\extensions
    [2012/07/10 15:22:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/08/07 13:46:37 | 000,000,000 | ---D | M] ( "Vid-Saver ") -- C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\extensions\crossriderapp3491@crossrider.com
    [2012/09/03 19:15:57 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\extensions\OneClickDownload@OneClickDownload.com
    [2012/07/10 15:31:31 | 000,014,961 | ---- | M] () (No name found) -- C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\extensions\firefox@red-cog.com.xpi
    [2010/10/03 12:36:12 | 000,001,819 | ---- | M] () -- C:\Users\Katherine\AppData\Roaming\Mozilla\Firefox\Profiles\o8counvu.default\searchplugins\bing.xml
    [2012/07/10 15:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/15 18:38:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    File not found (No name found) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
    [2005/04/27 20:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Katherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Katherine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

    O1 HOSTS File: ([2012/11/22 18:23:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {CA4EEDB3-5719-4E27-A478-8D13F761C28D} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKLM..\Run: [GSISETUP] E:\drivers\VOYAGE~2\setup.exe File not found
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1186225301\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000..\Run: [AOL Dialer] C:\Program Files\Common Files\aol\acs\AOLDial.exe (AOL LLC)
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000..\Run: [Facebook Update] C:\Users\Katherine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto File not found
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all File not found
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode File not found
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\West Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A6132015-5796-48B5-B776-16D009021D81} https://eatm.firstbank.com.tw/firstbank_ie32.cab (FirstBankATM Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://81.137.215.15:9024/activex/AMC.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{374E3EF4-1BF1-42FB-B6B9-CCCC93AA3BC5}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\Users\Katherine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/22 18:26:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/20 16:38:17 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\temp
    [2012/11/20 16:38:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/20 16:26:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/20 16:26:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/20 16:26:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/20 16:25:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/20 16:25:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/19 19:24:28 | 000,000,000 | ---D | C] -- C:\Users\Katherine\Desktop\RK_Quarantine
    [2012/11/18 14:40:10 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\Serif
    [2012/11/18 14:40:10 | 000,000,000 | ---D | C] -- C:\Users\Katherine\Documents\MoviePlus
    [2012/11/17 08:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/17 08:01:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/11/17 08:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/11/16 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Roaming\Malwarebytes
    [2012/11/16 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/16 18:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    [2012/11/15 15:42:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/11/11 18:28:28 | 000,000,000 | ---D | C] -- C:\KP500
    [2012/11/11 18:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
    [2012/11/11 18:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
    [2012/11/11 18:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
    [2012/11/08 16:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    [2012/10/31 15:39:12 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Roaming\AVG
    [2012/10/31 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012/10/31 15:37:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/10/30 14:34:52 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Roaming\TuneUp Software
    [2012/10/30 14:34:35 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2012/10/30 14:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2012/10/30 14:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/10/30 14:16:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/10/30 14:16:14 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\MFAData
    [2012/10/30 14:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/10/30 14:16:14 | 000,000,000 | ---D | C] -- C:\Users\Katherine\AppData\Local\Avg2013
    [2012/10/29 17:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2009/07/17 19:08:06 | 1021,494,137 | ---- | C] (Activision ) -- C:\Users\Katherine\CoDWaW-1.4-1.5-PatchSetup.exe
    [2008/10/15 19:47:20 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/11/24 14:59:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/24 14:58:48 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/24 14:58:48 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/24 14:58:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/24 14:58:41 | 2138,234,880 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/24 14:58:39 | 225,709,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/24 14:55:30 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1FD94130-27B3-4BA3-83E5-93E61898A1DA}.job
    [2012/11/24 14:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/24 14:28:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/24 12:29:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3426496018-1141303471-428153973-1000UA.job
    [2012/11/24 08:30:03 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3C0B3076-D93D-469A-9FDE-BF4819B11EB9}.job
    [2012/11/22 21:00:10 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/11/22 21:00:10 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/11/22 18:32:10 | 000,005,216 | ---- | M] () -- C:\Users\Katherine\AppData\Local\d3d9caps.dat
    [2012/11/22 18:23:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/11/20 15:29:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3426496018-1141303471-428153973-1000Core.job
    [2012/11/18 14:54:13 | 000,082,432 | ---- | M] () -- C:\Users\Katherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/17 08:12:05 | 000,000,512 | ---- | M] () -- C:\Users\Katherine\Desktop\MBR.dat
    [2012/11/17 08:01:18 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/11 18:25:39 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
    [2012/11/11 18:25:18 | 000,000,789 | ---- | M] () -- C:\Users\Katherine\Desktop\LGMobile Support Tool.lnk
    [2012/10/30 14:34:03 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2012/10/29 17:41:13 | 000,001,981 | ---- | M] () -- C:\Users\Katherine\Desktop\Google Chrome.lnk
    [2012/10/29 17:41:13 | 000,001,965 | ---- | M] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2012/11/20 16:26:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/20 16:26:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/20 16:26:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/20 16:26:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/20 16:26:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/17 08:12:05 | 000,000,512 | ---- | C] () -- C:\Users\Katherine\Desktop\MBR.dat
    [2012/11/17 08:01:18 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/11 18:25:18 | 000,000,789 | ---- | C] () -- C:\Users\Katherine\Desktop\LGMobile Support Tool.lnk
    [2012/11/11 18:25:10 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
    [2012/11/11 18:25:10 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2012/10/30 13:54:53 | 2138,234,880 | -HS- | C] () -- C:\hiberfil.sys
    [2012/10/29 17:41:13 | 000,001,981 | ---- | C] () -- C:\Users\Katherine\Desktop\Google Chrome.lnk
    [2012/10/29 17:41:13 | 000,001,965 | ---- | C] () -- C:\Users\Katherine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/09 14:53:44 | 000,067,100 | ---- | C] () -- C:\Users\Katherine\xs1qpp_webber-snatches-victory-from-alonso_sport.htm
    [2011/12/10 13:06:20 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
    [2011/09/19 07:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
    [2011/09/19 07:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
    [2011/08/13 11:04:32 | 000,001,940 | ---- | C] () -- C:\Users\Katherine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/11/11 20:09:27 | 000,027,568 | ---- | C] () -- C:\Users\Katherine\Nigeria.notebook
    [2010/05/16 17:41:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/06/15 10:47:38 | 000,000,142 | ---- | C] () -- C:\Users\Katherine\GamersHell.url
    [2008/10/15 07:58:47 | 000,000,552 | ---- | C] () -- C:\Users\Katherine\AppData\Local\d3d8caps.dat
    [2008/10/15 07:58:42 | 000,005,216 | ---- | C] () -- C:\Users\Katherine\AppData\Local\d3d9caps.dat
    [2008/08/18 19:21:17 | 000,000,632 | RHS- | C] () -- C:\Users\Katherine\ntuser.pol
    [2008/07/22 20:52:00 | 000,000,431 | ---- | C] () -- C:\Users\Katherine\dialog.xlb
    [2008/05/31 07:57:45 | 000,001,426 | ---- | C] () -- C:\ProgramData\productlist.xml
    [2008/03/19 20:27:56 | 000,000,852 | ---- | C] () -- C:\Users\Katherine\AppData\Roaming\wklnhst.dat
    [2007/10/03 16:29:34 | 000,459,608 | ---- | C] () -- C:\Users\Katherine\FrontBack.wav
    [2007/10/03 16:29:27 | 000,599,422 | R--- | C] () -- C:\Users\Katherine\Frontmenu2.jpg
    [2007/10/03 16:29:21 | 000,637,643 | R--- | C] () -- C:\Users\Katherine\Frontmenu1.jpg
    [2007/10/03 16:29:16 | 000,607,935 | R--- | C] () -- C:\Users\Katherine\Frontmenu5.jpg
    [2007/07/29 21:23:46 | 000,082,432 | ---- | C] () -- C:\Users\Katherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2008/10/17 21:22:50 | 011,584,512 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2008/10/17 21:22:50 | 011,584,512 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/19 07:34:21 | 000,614,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 07:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/09 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/11/09 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2010/03/11 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Amazon
    [2012/10/31 15:39:12 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\AVG
    [2012/06/12 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\BANDISOFT
    [2007/10/14 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Capita
    [2008/09/10 22:00:43 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/08/29 19:07:41 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\DVDVideoSoft
    [2008/07/28 18:51:31 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\EPSON
    [2010/10/25 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\FUJIFILM
    [2009/11/24 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\GetRightToGo
    [2011/07/18 11:09:28 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\go
    [2010/06/11 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Leadertech
    [2010/11/27 13:45:38 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\LEGO Company
    [2012/10/07 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\MusicNet
    [2012/11/18 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Serif
    [2007/10/01 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\SMART Technologies Inc
    [2012/03/28 20:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Sony
    [2008/03/19 20:27:58 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Template
    [2008/09/10 22:17:42 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Ten PDF Reader
    [2011/07/23 12:31:00 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\Tific
    [2010/04/09 20:22:59 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\TomTom
    [2012/10/30 14:34:52 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\TuneUp Software
    [2012/01/02 19:30:46 | 000,000,000 | ---D | M] -- C:\Users\Katherine\AppData\Roaming\W3i, LLC
    [2009/05/11 18:45:16 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\Amazon
    [2012/10/31 15:46:07 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\AVG
    [2012/01/02 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\com.w3i.FlipToast
    [2010/10/19 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\CoSoSys
    [2012/08/29 18:47:23 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\DVDVideoSoft
    [2008/10/05 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\EPSON
    [2010/06/04 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\FUJIFILM
    [2010/01/17 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\GetRightToGo
    [2011/07/21 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\go
    [2010/12/12 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\LEGO Company
    [2011/12/10 14:44:39 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\Philips
    [2011/04/19 20:32:39 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\Serif
    [2008/10/05 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\SMART Technologies Inc
    [2012/03/26 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\Sony
    [2009/02/19 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\Ten PDF Reader
    [2012/11/08 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\TomTom
    [2012/11/01 16:18:51 | 000,000,000 | ---D | M] -- C:\Users\West Family\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
     
  19. 2012/11/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reinstall AVG as soon as possible.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
      IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
      IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {CA4EEDB3-5719-4E27-A478-8D13F761C28D} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
      O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4 - HKLM..\Run: [GSISETUP] E:\drivers\VOYAGE~2\setup.exe File not found
      O4 - HKLM..\Run: [ROC_roc_ssl_v12]  "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O4 - HKLM..\Run: [vProt]  "C:\Program Files\AVG Secure Search\vprot.exe" File not found
      O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto File not found
      O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all File not found
      O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [Logitech Vid HD]  "C:\Program Files\Logitech\Vid\vid.exe" -bootmode File not found
      O4 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001..\Run: [swg]  "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
      O4 - Startup: C:\Users\West Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O15 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O15 - HKU\S-1-5-21-3426496018-1141303471-428153973-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://81.137.215.15:9024/activex/AMC.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)
      O37 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
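Every ":OTL" line in the script above is an orphan: a URLSearchHook, BHO or toolbar GUID whose COM class is no longer registered ("No CLSID value found"), a Run value whose executable is gone ("File not found"), a Downloaded Program Files entry with no registry key behind it ("Reg Error: Key error."), or a Trusted Domains entry with an out-of-range zone. When OTL runs the fix it writes a log with one "deleted successfully" / "not found" line per item, and it is worth checking that every GUID you asked for actually shows up as removed. The following Python is an added example written for this thread; it is not code from the OTL tool or from the forum post. It assumes only the line shapes visible in the post (and in the fix log posted later in the thread): "Oxx - ..." entries ending in one of the reason strings above, and log lines ending in "deleted successfully.", "moved successfully." or "not found.". Script entries are matched to log lines by GUID, so GUID-less items (the O4 Run values and the alternate data stream) are classified but not reconciled. The sample script and log are constructed from a subset of the lines in this thread.

```python
"""Classify ':OTL' fix-script entries and reconcile them with the OTL fix log.

Added example for this thread; not code from OTL or from the forum post.
Assumes the line formats seen in the thread (see lead-in).
"""
import re
from collections import Counter

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Hive prefix as OTL prints it: HKLM, HKCU, HKU\.DEFAULT or HKU\<SID>.
HIVE_RE = re.compile(r"\b(HKLM|HKCU|HKU\\(?:\.DEFAULT|S-[0-9-]+))")

# Trailing reasons OTL attaches to orphaned entries (all taken from the thread).
REASONS = ("No CLSID value found", "Reg Error: Key error.",
           "File not found", "is out of zone range")
SUCCESS = {"deleted successfully", "moved successfully"}
OUTCOMES = ("deleted successfully", "moved successfully", "not found")

# Constructed sample: a subset of the fix script posted above.
SCRIPT = r""":OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [vProt]  "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O15 - HKU\S-1-5-21-3426496018-1141303471-428153973-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://81.137.215.15:9024/activex/AMC.cab (Reg Error: Key error.)
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[emptytemp]
[Reboot]
""".splitlines()

# Constructed sample: the matching lines of the fix log OTL produced.
FIX_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
C:\Windows\Downloaded Program Files\setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
""".splitlines()


def classify_script_line(line):
    """Describe one ':OTL' entry; return None for headers, commands and blanks."""
    line = line.strip()
    if not line or line[0] in ":[":
        return None
    if line.startswith("@Alternate Data Stream"):
        return {"kind": "ADS", "hive": None, "guids": [],
                "target": line.split("->", 1)[1].strip(),
                "reason": "alternate data stream"}
    hive = HIVE_RE.search(line)
    return {"kind": line.split(" - ", 1)[0],          # IE, O2, O3, O4, ...
            "hive": hive.group(1) if hive else None,
            "guids": [g.upper() for g in GUID_RE.findall(line)],
            "target": line,
            "reason": next((r for r in REASONS if r in line), "unknown")}


def parse_fix_log_line(line):
    """Return (subject, outcome) for a fix-log result line, else None.

    The subject is the last GUID on the line when there is one, otherwise
    the key or path text in front of the outcome."""
    line = line.strip()
    for outcome in OUTCOMES:
        if line.endswith(outcome + "."):
            subject = line[: -(len(outcome) + 1)].strip()
            guids = GUID_RE.findall(subject)
            return (guids[-1].upper() if guids else subject), outcome
    return None


def summarize_reasons(script_lines):
    """Count why each entry is in the script (orphaned CLSID, dead path, ...)."""
    return Counter(e["reason"] for e in map(classify_script_line, script_lines) if e)


def reconcile(script_lines, log_lines):
    """Map every GUID in the script to what the fix log says happened to it.

    A success line wins over a 'not found' for the same GUID, because OTL
    reports both the removed value and the (already absent) CLSID key."""
    outcomes = {}
    for line in log_lines:
        parsed = parse_fix_log_line(line)
        if parsed is None:
            continue
        subject, outcome = parsed
        if outcome in SUCCESS or subject not in outcomes:
            outcomes[subject] = outcome
    entries = [e for e in map(classify_script_line, script_lines) if e]
    report = {g: outcomes.get(g, "no log line")
              for e in entries for g in e["guids"]}
    return entries, report


if __name__ == "__main__":
    entries, report = reconcile(SCRIPT, FIX_LOG)
    for reason, n in summarize_reasons(SCRIPT).items():
        print(f"{n:3d}  {reason}")
    for guid, outcome in report.items():
        print(f"{guid}  ->  {outcome}")
```

Any GUID that comes back as "no log line" after a real run is the one to look at again in the next OTL scan; the "not found" lines for CLSID keys are expected, since the whole point of the script was that those classes were already unregistered.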
     
  21. 2012/11/24
    thomaswest

    thomaswest Inactive Thread Starter

    Joined:
    2012/11/17
    Messages:
    18
    Likes Received:
    0
    Hello Broni,
    As I ran the TFC scan, my computer froze and I had to reboot it manually. I was then greeted with a black screen saying 'Windows has failed to start, a recent software or hardware installation may be the cause'. Then a blue screen appeared and said 'A problem has been detected and Windows has been shut down to prevent damage to your computer'. It then said below that message: IRQL_NOT_LESS_OR_EQUAL, and I had to reboot the computer manually again.
    After several attempts at rebooting I had to use System Restore and managed to get it to work. I don't know if this means anything or not, so I just thought I might put it in the reply just in case.
    Here are the logs you requested.
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CA4EEDB3-5719-4E27-A478-8D13F761C28D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4EEDB3-5719-4E27-A478-8D13F761C28D}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GSISETUP not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SDP not found.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Windows\CurrentVersion\Run\\kdx deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Vid HD deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
    C:\Users\West Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
    C:\Windows\Downloaded Program Files\setup.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
    C:\Windows\Downloaded Program Files\setup.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control CabBuilder
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
    Registry key HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000_Classes\.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3426496018-1141303471-428153973-1000_Classes\ComFile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Katherine
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 9649289 bytes
    ->Java cache emptied: 5924741 bytes
    ->FireFox cache emptied: 38070840 bytes
    ->Google Chrome cache emptied: 109728091 bytes
    ->Apple Safari cache emptied: 63304704 bytes
    ->Flash cache emptied: 5856 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: West Family
    ->Temp folder emptied: 32848 bytes
    ->Temporary Internet Files folder emptied: 57076065 bytes
    ->Java cache emptied: 6772566 bytes
    ->FireFox cache emptied: 7559044 bytes
    ->Google Chrome cache emptied: 383244352 bytes
    ->Apple Safari cache emptied: 5164032 bytes
    ->Flash cache emptied: 1341163 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1924 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 656.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Katherine
    ->Java cache emptied: 0 bytes

    User: Public

    User: West Family
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Katherine
    ->Flash cache emptied: 0 bytes

    User: Public

    User: West Family
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11242012_190819

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
