Solved Cannot install Malwarebytes Anti-Malware: Access is denied

Kristo92

Hi there,

For the past month I have been having huge problems with my computer! It first started with the password to one of my email accounts getting hijacked: my Hotmail account would be blocked when I came to it, and I would see that hundreds of messages had been sent from it. I changed my password and that stopped. Then I started getting redirected to other sites pretty much no matter what.

I am actually having pretty much the identical problems as the user Ronson that you just recently helped out. At first RKill and Malwarebytes were working sufficiently for me to keep my computer up and running, but now I am unable to see any of my icons and unable to open any programs. I am getting "Access denied" when running Malwarebytes in safe mode, normal mode, safe mode with networking, etc.

I was going to follow the steps you provided for Ronson, but I also read that following general instructions might be a bad idea! Anyway, any help you could provide would be greatly, greatly appreciated. Thank you very much and have a good day. Cheers, Kris
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it across a couple of replies.
Attached logs won't be reviewed.
Complete as many steps as you can.

Please observe the following rules:
  • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks so much for the quick reply. I was able to install avast!; the install took quite a bit of time and it looked like it removed some things. I was also able to install and run Malwarebytes. Here is the log after I selected "Remove Selected".

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8025

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

10/26/2011 2:31:29 PM
mbam-log-2011-10-26 (14-31-29).txt

Scan type: Quick scan
Objects scanned: 210865
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 6
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 15
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
c:\Users\kristopher\AppData\Roaming\CF67D\8A804.exe (Backdoor.Bot) -> 4240 -> Failed to unload process.
c:\Users\kristopher\AppData\Roaming\microsoft\04AC\F0B.exe (Backdoor.Bot) -> 4652 -> Failed to unload process.
c:\Users\kristopher\AppData\Roaming\7D37E\lvvm.exe (Backdoor.Bot) -> 5040 -> Failed to unload process.
c:\Users\kristopher\AppData\Roaming\uwj7del8gzhxkv\vobtzp0yc1.exe (Backdoor.Bot) -> 4636 -> Failed to unload process.
c:\programdata\qkjulydxtx.exe (Trojan.FakeAlert) -> 5652 -> Failed to unload process.
c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> 5048 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\F0B.exe (Backdoor.Bot) -> Value: F0B.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sRZ9hYXwjVlzyA8234A (Backdoor.Bot) -> Value: sRZ9hYXwjVlzyA8234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkjUlyDxtx.exe (Trojan.FakeAlert) -> Value: qkjUlyDxtx.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jaNfdNHCfFxyI.exe (Trojan.FakeAlert) -> Value: jaNfdNHCfFxyI.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av2F4m5QJdKR9hX8234A (Backdoor.Bot) -> Value: av2F4m5QJdKR9hX8234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gb3naHsKE9Tqjkl (Spyware.Zeus) -> Value: gb3naHsKE9Tqjkl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\F0B.exe (Backdoor.Bot) -> Value: F0B.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\i9hTXqjUCkBzNx0 (Spyware.Zeus) -> Value: i9hTXqjUCkBzNx0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UobF3pmG5Q68234A (Backdoor.Bot) -> Value: UobF3pmG5Q68234A -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\U3pnG5aQHdKfLgX8234A (Backdoor.Bot) -> Value: U3pnG5aQHdKfLgX8234A -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AWF7XZA7WOUXDVY (Trojan.Spyeyes) -> Value: 4Y3Y0C3AWF7XZA7WOUXDVY -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\volmgr (Trojan.Agent) -> Value: volmgr -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\Kristopher\AppData\Roaming\7D37E\lvvm.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\kristopher\AppData\Roaming\CF67D\8A804.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\microsoft\04AC\F0B.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\7D37E\lvvm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\uwj7del8gzhxkv\vobtzp0yc1.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programdata\qkjulydxtx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\janfdnhcffxyi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\yveelbzncu.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\svhostu.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
c:\program files (x86)\LP\04AC\F0B.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\svhostu.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\kh6swj7fe8tqywu\grlobtxp0c1v3n.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\kamh5swj7e8\hrzqhyxwkvlbz0c.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\chrome.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\firefox.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\java.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\yveelbzncu.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Local\Temp\svhostu.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
c:\Users\kristopher\Desktop\system security 2011.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\Recycle.Bin\b6232f3a864.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Recycle.Bin\fffe72794b0a212 (Trojan.Spyeyes) -> Quarantined and deleted successfully.


I will go ahead now and get the information for GMER. Thank you so much for your time. You are a valuable asset to the internet world! Cheers, Kris
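The log above lists one detection per line, with the action Malwarebytes took at the end of each line. As an added example (not from this thread, and not Malwarebytes' own tooling), here is a small Python script that parses that format and pulls out what a helper reading such a log wants to know first: which processes the scanner could not terminate, which deletions are deferred to the next reboot, and which autostart and lockdown locations the infection used. The embedded sample is a constructed excerpt copied from the entries above; the persistence-location table and its labels are this example's own classification, not Malwarebytes categories.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.5x text log.

Added example, not part of the original thread or of Malwarebytes. Each log entry
has the shape "<path or registry key> (<detection name>) -> ... -> <action>";
the script parses those lines and reports what needs attention first.
"""
import re
from collections import Counter

# Constructed sample: a handful of entries copied from the log posted above.
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\Users\kristopher\AppData\Roaming\CF67D\8A804.exe (Backdoor.Bot) -> 4240 -> Failed to unload process.
c:\programdata\qkjulydxtx.exe (Trojan.FakeAlert) -> 5652 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\F0B.exe (Backdoor.Bot) -> Value: F0B.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\LP\04AC\F0B.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\kristopher\AppData\Roaming\chrome.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# One entry per line: item, then "(family)", then one or more " -> " separated fields,
# the last of which is the action taken. The family never contains parentheses,
# so paths such as "c:\program files (x86)\..." are split correctly.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Registry locations that give malware a foothold or lock the user out.
# The labels are this example's own classification (assumed names), not Malwarebytes categories.
PERSISTENCE = [
    (re.compile(r"\\CurrentVersion\\Run\\", re.I), "Run-key autostart"),
    (re.compile(r"\\Windows NT\\CurrentVersion\\Windows\\Load$", re.I), "Windows\\Load autostart"),
    (re.compile(r"\\Winlogon\\Shell$", re.I), "Winlogon Shell replaced"),
    (re.compile(r"\\Internet Settings\\ProxyServer$", re.I), "IE proxy hijack"),
    (re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I), "Task Manager disabled by policy"),
]


def parse_mbam_log(text):
    """Return one dict per detection: section, item, family, detail fields, action."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):        # blank, or "(No malicious items detected)"
            continue
        if line.endswith(":"):                      # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m is None or section is None:            # log header lines, summary counts
            continue
        fields = [f.strip() for f in m.group("rest").split(" -> ")]
        records.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "detail": fields[:-1],                  # PID, "Value: ...", "Bad: (...) Good: (...)"
            "action": fields[-1],
        })
    return records


def triage(records):
    """Summarise what still needs attention and how the infection persisted."""
    persistence = []
    for r in records:
        if not r["section"].startswith("Registry"):
            continue
        for pattern, label in PERSISTENCE:
            if pattern.search(r["item"]):
                persistence.append((label, r["item"]))
                break
    return {
        "total": len(records),
        "families": Counter(r["family"] for r in records),
        # Processes that were still alive when the scan ended; they have to be gone
        # (normally after the reboot MBAM asks for) before the machine counts as clean.
        "unresolved": [r for r in records if r["action"].startswith("Failed")],
        "deferred": [r for r in records if "reboot" in r["action"].lower()],
        "persistence": persistence,
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    print(f"{report['total']} detections; families: {dict(report['families'])}")
    for r in report["unresolved"]:
        print("STILL RUNNING:", r["item"], "PID", r["detail"][0])
    for r in report["deferred"]:
        print("DELETE ON REBOOT:", r["item"])
    for label, item in report["persistence"]:
        print(f"PERSISTENCE [{label}]: {item}")
```

Run it against a saved full log by replacing `SAMPLE_LOG` with the file's contents; the header and summary-count lines are ignored because they never match the entry pattern. The two process entries it flags as unresolved are the ones that explain the "Access denied" symptom from the first post: the files were quarantined, but the running copies were still alive at the end of the scan.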
 
Per request, the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-26 15:24:52
Windows 6.0.6001 Service Pack 1
Running: 5u6dyc5b.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f562594
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0x31 0x1E 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xC2 0x71 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAA 0xF6 0x1C 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f562594 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0x31 0x1E 0x6D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xC2 0x71 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAA 0xF6 0x1C 0x06 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Kristopher\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWPC76QB\bargainwholesalehdtvs.com.\swfstore.swf 0 bytes
File C:\Users\Kristopher\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bargainwholesalehdtvs.com.\settings.sol 96 bytes

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by Kristopher at 15:35:08 on 2011-10-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.1837 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\NetZero\exec.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PeoplePC\ISP8330\Browser\Bartshel.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\PROGRA~2\PeoplePC\ISP8330\Browser\PPShared.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\saXsAQWSemKq.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\ProgramData\6DSS92c31Apgjk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\NetZero\exec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ping.exe
C:\Users\Kristopher\Downloads\5u6dyc5b.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar =
mSearchAssistant =
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - C:\Program Files (x86)\NetZero\qsacc\X1IEBHO.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - C:\PROGRA~2\PEOPLE~1\PRPL_I~1.DLL
BHO: ShopShieldCompanion: {6e0173e2-c764-490f-8035-d4c8091774a8} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - C:\Program Files (x86)\NetZero\ucreg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - C:\Program Files (x86)\NetZero\Toolbar.dll
TB: Shop Shield: {596de2ef-c6de-400f-9f8d-288fed8e323d} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: ShopShield: {89d719ad-0468-4539-bc75-8e59699e7912} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
uRun: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe regrun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Bart Station] "C:\Program Files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" -STATION
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [saXsAQWSemKq.exe] C:\ProgramData\saXsAQWSemKq.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [1627327370] C:\Windows\TEMP\\jucheck.exe
dRun: [Motive Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll",DllRegisterServer
dRun: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Display All Images with Full Quality - "C:\Program Files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "C:\Program Files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: $talisma_url$
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{C2E5C1C7-AC38-419F-A30F-6745348862BC} : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{C4FC6294-5DDA-496C-91A9-D4B43772E63C} : DhcpNameServer = 68.87.69.150 68.87.85.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Pop-up Blocker: {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\NetZero\qsacc\X1IEBHO.dll
BHO-X64: Accelerator Plugin: {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\PEOPLE~1\PRPL_I~1.DLL
BHO-X64: ShopShieldCompanion: {6e0173e2-c764-490f-8035-d4c8091774a8} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
BHO-X64: 0x1 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: NetZero Toolbar Helper: {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\NetZero\ucreg.dll
BHO-X64: NetZero Toolbar Helper - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: ZeroBar: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll
TB-X64: Shop Shield: {596de2ef-c6de-400f-9f8d-288fed8e323d} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {89D719AD-0468-4539-BC75-8E59699E7912} - No File
mRun-x64: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Bart Station] "C:\Program Files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" -STATION
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [saXsAQWSemKq.exe] C:\ProgramData\saXsAQWSemKq.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 94.63.240.133 www.google.com
Hosts: 94.63.240.134 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Kristopher\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26:23];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-4-2 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-10-26 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MBAMService;MBAMService;C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-26 366152]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-10-12 517632]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2010-10-12 315392]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-1-15 91392]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2009-12-10 139808]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-12 93184]
.
=============== Created Last 30 ================
.
2011-10-26 21:20:17 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-26 21:11:04 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\ezPNcA1uvDo
2011-10-26 21:10:58 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\nmH6sWJ7fLgZhCk
2011-10-26 21:10:58 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\kamH5sWJ7E8
2011-10-26 21:10:39 107520 ---ha-w- C:\Users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 21:10:35 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\EuvD2obF4m5Q6E8
2011-10-26 21:10:29 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\AfELB1ivDoF5W7E
2011-10-26 21:10:28 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\DONtxP0uc1b3n4m
2011-10-26 18:34:23 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-10-26 18:34:21 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-10-26 18:34:09 41184 ----a-w- C:\Windows\avastSS.scr
2011-10-26 18:34:00 -------- d--h--w- C:\ProgramData\AVAST Software
2011-10-26 18:34:00 -------- d-----w- C:\Program Files\AVAST Software
2011-10-26 17:08:43 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08:31 -------- d--h--w- C:\Users\Kristopher\AppData\Local\assembly
2011-10-26 17:07:48 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\mTXqjYCekVzNx0c
2011-10-26 17:07:44 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\opnG4aQH6W7E9Tq
2011-10-26 17:07:40 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\KH6sWJ7fE8TqYwU
2011-10-26 17:07:33 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\FfRL9hTXqUeIrOy
2011-10-26 17:07:32 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\GxA1uvS2b3m5Q6W
2011-10-26 17:07:28 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\ebF3pnG5aHdKfLg
2011-10-26 07:28:35 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\7D37E
2011-10-26 07:28:23 107520 ---ha-w- C:\Users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 07:28:14 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\CF67D
2011-10-26 07:28:13 288768 ---h--w- C:\Users\Kristopher\AppData\Roaming\Microsoft\04AC\F0B.exe
2011-10-26 07:28:07 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\QXqjeekIBrzONx0
2011-10-26 07:28:07 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\jmG5aQJ6dKfLh
2011-10-26 07:28:01 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\Zy1SbF3pm5Q6W8R
2011-10-26 07:27:59 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\w4am6sWJ7E8Tq
2011-10-26 07:27:59 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\UWJ7dEL8gZhXkV
2011-10-26 06:47:04 -------- d-----w- C:\Program Files (x86)\7D37E
2011-10-26 06:46:34 -------- d-----w- C:\Program Files (x86)\LP
2011-10-26 05:43:59 315702 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
2011-10-26 05:36:25 429968 ---ha-w- C:\ProgramData\saXsAQWSemKq.exe
2011-10-26 05:21:19 315702 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-10-26 05:16:59 372736 ---h--w- C:\ProgramData\6DSS92c31Apgjk.exe
2011-10-24 19:20:38 410512 ------w- C:\ProgramData\qkjUlyDxtx.exe
2011-10-21 08:52:44 8570192 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-03 22:40:47 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\LRRZ9hhTXwjClIr
2011-10-03 22:40:37 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\CxxxA11uvS2oF3
2011-10-03 22:40:32 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\hdEEKK8fRZ9h
2011-10-03 22:40:28 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\uzzzPNNyxA1vSob
2011-10-03 22:40:23 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\JzzzPNNyxA1uS2b
2011-10-03 22:40:18 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\wKK88fRRZhTwjCe
2011-10-03 22:40:13 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\yUUCCelIIBzPNxA
2011-10-03 22:40:08 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:40:08 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\B999hTTXqjUCkIr
2011-10-03 22:38:59 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\zVVellIBtz
2011-10-03 22:37:55 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\vnnnF44amH5sJ
2011-10-03 22:37:50 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\hGG44amHH6WJ7E8
2011-10-03 22:37:45 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\uCCwwkUVr
2011-10-03 22:37:40 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\vkkkUVVrlOBtP0c
2011-10-03 22:37:36 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\I3oonnF4amH5WJd
2011-10-03 22:37:31 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\PwwjjUVVelI
2011-10-03 22:37:27 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\fQQJJ6ddEK
2011-10-03 22:37:22 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\cRRZZ9hTXwjU
2011-10-03 22:37:18 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\LCCeelIBBzPNyA
2011-10-03 22:37:13 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\qpmmmG5aQ
2011-10-03 22:37:09 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\h999hTTXqjUCkIr
2011-10-03 22:37:04 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\DkkkIIBrzONyA0v
2011-10-03 22:37:00 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\oeeekIIVrzOtxA
2011-10-03 22:36:54 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\C11uuvSS2oF
2011-10-03 22:36:48 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\hsJJ7ddEK
2011-10-03 22:36:42 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\y33oonFF4aH5sJ7
2011-10-03 22:36:38 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\oJJJ7ddEL8gqYXk
2011-10-03 22:36:32 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\OccSS1ivD3
2011-10-03 22:36:28 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\pddEEK8ggR9hYwU
2011-10-03 22:36:23 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\rH55ssQJ7dEK
2011-10-03 22:36:18 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\AivvDD2onF4pH5Q
2011-10-03 22:36:14 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\zQQJJ7ddEKgRZhY
2011-10-03 22:36:10 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\yFFF4ppmG5s
2011-10-03 22:36:05 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\hPPPNyyxA1uv
2011-10-03 22:36:01 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\wWWWK88fR9hTqjC
2011-10-03 22:34:56 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\vGGG5ssQJ6
2011-10-03 22:34:52 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\V11uuvSS2oF3
2011-10-03 22:34:48 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\TTTTXqqjU
2011-10-03 22:34:42 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\kFF44pmG5sQ6dK
2011-10-03 22:34:37 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\PlOOBtycA2nm5Qd
2011-10-03 22:34:32 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\WyccAA1ivD2oF4m
2011-10-03 22:34:27 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\SwwjjUUVelItzNy
2011-10-03 22:34:23 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\i88ffRLL9h
2011-10-03 22:34:19 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\vBBrrzOONyx0uS2
2011-10-03 22:34:14 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\eOOONyyxA0uS2b
2011-10-03 22:34:10 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\EXqqjjYCekIVrOt
2011-10-03 22:34:05 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\gD33ppnG4aQ
2011-10-03 22:34:01 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\olllONNtxP0
2011-10-03 22:33:54 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\n2oobbF3pmG5
2011-10-03 22:33:49 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\H111uvvS2ob
2011-10-03 22:33:44 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\x6ddWWK8fRL9TXj
2011-10-03 22:33:40 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\JOONNyxxA0uS
2011-10-03 22:33:35 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\FA000uvS2ibF
2011-10-03 22:33:27 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\t33ppnGG4aQ6sK7
2011-10-03 22:33:21 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\JgTTZZqjYCwkVrO
2011-10-03 22:33:17 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\YEEEL99gTZqjC
2011-10-03 22:33:12 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\lccSS1iib
2011-10-03 22:33:08 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\UYYYCwwkUVrlBtP
2011-10-03 22:33:03 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\OF44aamH5sWJdE8
2011-10-03 22:31:57 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\AuuuvDD2obFpm5s
2011-10-03 22:30:55 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\bjYYCCekIVr
2011-10-03 22:30:51 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\lSS22ibbD3pG4QH
2011-10-03 22:30:47 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\zttxxP00ycSiv3n
2011-10-03 22:30:42 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\IgRRZZqhYXwkUeO
2011-10-03 22:30:38 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\gddEEK8ggR9
2011-10-03 22:30:34 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\Y55ssQJJ6dE8fZ9
2011-10-03 22:30:29 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\qG55ssQJ6dEK
2011-10-03 22:30:25 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\rBBBrzzPN
2011-10-03 22:30:21 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\AWWWK88fRL9hXqU
2011-10-03 22:30:16 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\r00uuvSS2ib3pG5
2011-10-03 22:30:12 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\EwwkkIVrrlNtx0u
2011-10-03 22:30:08 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\D7ffEEL8gTZqYCk
2011-10-03 22:30:03 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\donnFF4amH5sJ7E
2011-10-03 22:28:57 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\pJJJ6ddEK8fR9hX
2011-10-03 22:28:52 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\nUCCeelIBrzPyx1
2011-10-03 22:28:48 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\PooobFF3pmGaQJ
2011-10-03 22:28:44 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\fIIBBrzOOyxA0
2011-10-03 22:28:39 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\J77ffEL9gTZq
2011-10-03 22:28:35 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\QkIIVVrlONtx0uS
2011-10-03 22:28:30 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\fammHH6sWJ7fE
2011-10-03 22:28:26 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\dZqqhhYCwkUVrOt
2011-10-03 22:28:22 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\JaammH55sWJdE8g
2011-10-03 22:28:16 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\F11iivD3o
2011-10-03 22:28:12 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\akkUUVrrlOtxP
2011-10-03 22:28:07 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\OYYYXwwkUVeOBzP
2011-10-03 22:28:02 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\zhhYYXwkUVelOtP
2011-10-03 22:26:57 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\h222iibD3pnG
2011-10-03 22:26:53 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\LkkkIVVrlON
2011-10-03 22:26:48 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\ljjjYCCwkIVlOtx
2011-10-03 22:26:43 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\c222ibbD3pnGaQ6
2011-10-03 22:26:37 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\ISSS2iibF3pG5QH
2011-10-03 22:26:33 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\appnnG44aQHsW7f
2011-10-03 22:26:28 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\CwwkkIVVrlNtx0
2011-10-03 22:26:24 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\zG44aamH6s
2011-10-03 22:26:20 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\kOOBBtxxP0yS1vD
2011-10-03 22:26:15 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\FsWWJJ7dEL8gRqY
2011-10-03 22:26:11 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\gellOOBtzP0
2011-10-03 22:26:06 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\EddE8gRZ9h
2011-10-03 22:26:02 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\kQQQJ66dEK8fZ9T
2011-10-03 22:25:57 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\gEKK88fRZ9hTwjC
2011-10-03 22:25:53 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\qxxAA1uvv2obFpG
2011-10-03 22:25:48 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\DfRRLL9hTXq
2011-10-03 22:25:44 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\ySS22ibFF3nG5Q6
2011-10-03 22:25:39 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\SbbbF33pnG5aH6W
2011-10-03 22:25:35 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\oqqqjjYCwkIVlOt
2011-10-03 22:25:30 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\gaaQQH66sWKfE9g
2011-10-03 22:25:25 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\o00uucS11iD3oG4
2011-10-03 22:25:21 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\BkkUUVrrlOBxPyc
2011-10-03 22:25:17 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\jH55sWWJ7dELgRq
2011-10-03 22:25:12 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\zRRRZqqhYXwUVlO
2011-10-03 22:11:15 -------- d-----we C:\Windows\system64
2011-10-03 22:09:42 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\i666sWWK7fE9gZq
2011-10-03 22:09:42 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\cYCCwwkIVrlONx0
2011-10-03 22:09:37 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\x333pnnG4aQ6sK
2011-10-03 22:09:37 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\BYCCeekIVrzONx0
.
==================== Find3M ====================
.
.
============= FINISH: 15:35:42.28 ===============
 
I hope this helps and again thank you for the quick response and it looks like you are definitely a malware annihilator!!!
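The DDS output above carries the indicators a helper reads off such a log: a loopback HTTP proxy left behind in prefs.js, hidden randomly named directories dropped directly under AppData\Roaming, hidden executables in ProgramData, and a `C:\Windows\system64` directory that mimics a real system path. As an added example that is not part of this thread and not code from the DDS tool, here is a small Python triage script that parses lines in this log's format and flags those patterns; the sample lines are copied from the log above, and the heuristics (name pattern, watched parent directories, attribute column positions) are my own assumptions rather than DDS rules.

```python
import re
from dataclasses import dataclass

# Sample lines in the shape of DDS.txt output, copied from the log above
# (a handful of representative lines, not the whole log).
SAMPLE_DDS = r"""
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
2011-10-26 21:11:04 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\ezPNcA1uvDo
2011-10-26 21:10:39 107520 ---ha-w- C:\Users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 18:34:00 -------- d-----w- C:\Program Files\AVAST Software
2011-10-26 05:36:25 429968 ---ha-w- C:\ProgramData\saXsAQWSemKq.exe
2011-10-03 22:40:08 -------- d--h--w- C:\Users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:11:15 -------- d-----we C:\Windows\system64
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# date time size attrs path   (path may contain spaces, so it is matched last)
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
# Heuristic "random" name: letters/digits only, 5-16 chars, at least one of each.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{5,16}$")
# Parent directories where hidden, randomly named drops are a common finding (assumption).
WATCHED_PARENTS = ("appdata\\roaming", "programdata", "program files (x86)")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    rule: str
    detail: str


def parse_prefs(lines):
    """Return {pref_name: value} from the 'FF - prefs.js:' lines."""
    prefs = {}
    for line in lines:
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def check_prefs(prefs):
    """Flag an HTTP proxy pointing at the local machine, active or not."""
    findings = []
    host = prefs.get("network.proxy.http")
    if host in LOOPBACK:
        port = prefs.get("network.proxy.http_port", "?")
        ptype = prefs.get("network.proxy.type")
        # type 0 means "no proxy" is selected, so the setting is dormant, but a
        # loopback HTTP proxy is not something a user normally configures by hand.
        state = "inactive (type 0)" if ptype == "0" else f"active (type {ptype})"
        findings.append(Finding("loopback-proxy", f"{host}:{port}, {state}"))
    return findings


def check_entries(lines):
    """Flag suspicious items in the 'Created Last 30' section."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        is_dir = attrs[0] == "d"       # first column: directory flag
        hidden = attrs[3] == "h"       # fourth column: hidden flag, as laid out in the log
        parent, _, name = path.rpartition("\\")
        parent_l, path_l = parent.lower(), path.lower()
        if hidden and RANDOM_NAME_RE.match(name) and parent_l.endswith(WATCHED_PARENTS):
            findings.append(Finding("hidden-random-name", path))
        elif (hidden and not is_dir and name.lower().endswith((".exe", ".tmp"))
              and ("\\programdata\\" in path_l or "\\appdata\\" in path_l)):
            findings.append(Finding("hidden-dropped-file", path))
        # Windows has system32 and SysWOW64 but no system64; that name is a lookalike.
        if is_dir and parent_l.endswith("\\windows") and name.lower() == "system64":
            findings.append(Finding("fake-system-dir", path))
    return findings


def analyze(text):
    """Run both checks over raw DDS text and return the list of findings."""
    lines = text.splitlines()
    return check_prefs(parse_prefs(lines)) + check_entries(lines)


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"[{f.rule}] {f.detail}")
```

Legitimate vendor folders such as Malwarebytes and AVAST Software pass through untouched because they lack digits or the hidden attribute; the output is a shortlist for a human to review, not a verdict.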
 
I still need Attach.txt part of DDS.
Provide that and then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Per request:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 1:46:48 PM
System Uptime: 10/26/2011 2:40:21 PM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | N/A | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 50.277 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_9035104D&REV_12\4&2115C92E&0&1AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_9035104D&REV_12\4&2115C92E&0&1AF0
Service:
.
Class GUID:
Description:
Device ID: ACPI\SNY5001\4&3AAC68F8&0
Manufacturer:
Name:
PNP Device ID: ACPI\SNY5001\4&3AAC68F8&0
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_9035104D&REV_03\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_9035104D&REV_03\3&11583659&0&FB
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ArcSoft WebCam Companion 2
AT&T Service & Support Tool
AT&T U-verse Setup
att.net Internet Mail
avast! Free Antivirus
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
Corel WinDVD 2010
Coupon Printer for Windows
CyberLink PowerDVD 10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
F4500
File Secure Pro Viewer
Full Tilt Poker
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
GT Invoice Maker v3.02
Halo 2 for Windows Vista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
iCall 7.0
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Mega Codec Pack 6.0.4
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
McAfee Security Scan Plus
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoConnect
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet
NeuLion Adaptive Plugin
PDF Settings CS5
PeoplePC Online
PeoplePC Simple Switch
PokerStars
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Shop Shield Internet Explorer Companion
Skins
SmartWebPrinting
SmartWi Connection Utility
SolutionCenter
Status
Toolbox
TrayApp
TuneUp Companion 1.7.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Vuze
WebReg
.
==== Event Viewer Messages From Past Week ========
.
10/26/2011 12:22:14 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
10/26/2011 12:22:14 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
10/26/2011 11:34:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/26/2011 11:34:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
10/26/2011 11:24:22 AM, Error: EventLog [6008] - The previous system shutdown at 11:22:11 AM on 10/26/2011 was unexpected.
10/26/2011 11:15:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:13:33 AM on 10/26/2011 was unexpected.
10/26/2011 10:41:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall spldr Wanarpv6
10/26/2011 10:41:21 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
10/26/2011 10:40:56 AM, Error: EventLog [6008] - The previous system shutdown at 10:39:03 AM on 10/26/2011 was unexpected.
10/26/2011 10:12:06 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/26/2011 10:03:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/26/2011 10:03:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:03:12 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2011 10:02:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/26/2011 10:02:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/26/2011 10:02:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/26/2011 10:02:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/26/2011 10:02:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/26/2011 10:02:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/26/2011 10:02:06 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
10/26/2011 10:02:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/26/2011 10:02:04 AM, Error: EventLog [6008] - The previous system shutdown at 9:59:55 AM on 10/26/2011 was unexpected.
10/25/2011 11:47:25 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
10/25/2011 10:23:08 PM, Error: EventLog [6008] - The previous system shutdown at 10:20:33 PM on 10/25/2011 was unexpected.
10/25/2011 10:13:38 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
10/24/2011 11:12:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/24/2011 11:12:30 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/24/2011 11:11:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
10/24/2011 11:11:47 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/24/2011 11:08:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall
10/24/2011 11:08:22 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/24/2011 11:08:22 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/24/2011 11:07:48 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
 
Hey there. I am having some troubles running the ComboFix program! After I have disabled Malwarebytes and the avast virus protection, I run the ComboFix program in administrator mode. The program will start and will get to "completed step 50" and it will hang up and sit there. I have attempted running the program now 4-5 times, all with the same results. Any help would be appreciated. Thank you.
 
Here is the Rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/03/2011 at 15:34:36.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\NCCCekkIBrz.exe


Rkill completed on 10/03/2011 at 15:34:48.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/26/2011 at 10:30:38.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:

Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/26/2011 at 10:33:30.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:51232

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 10/26/2011 at 10:34:47.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/26/2011 at 10:46:55.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:

Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/26/2011 at 10:54:27.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:



--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:55657

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 10/26/2011 at 10:55:40.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/26/2011 at 11:22:08.
Operating System: Windows (TM) Vista Home Premium


Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/27/2011 at 14:34:23.
Operating System: Windows (TM) Vista Home Premium


Processes terminated by Rkill or while it was running:



--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is:

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 10/27/2011 at 14:34:26.
 
Combofix per request!

ComboFix 11-10-27.06 - Kristopher 10/27/2011 14:42:12.3.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.3330 [GMT -7:00]
Running from: c:\users\Kristopher\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1kAlMiG2Kb7FzP.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\saXsAQWSemKq.exe
c:\users\Kristopher\AppData\Local\{45222F64-B4F8-4C23-A032-719D109E314C}
c:\users\Kristopher\AppData\Local\{45222F64-B4F8-4C23-A032-719D109E314C}\chrome.manifest
c:\users\Kristopher\AppData\Local\{45222F64-B4F8-4C23-A032-719D109E314C}\chrome\content\_cfg.js
c:\users\Kristopher\AppData\Local\{45222F64-B4F8-4C23-A032-719D109E314C}\chrome\content\overlay.xul
c:\users\Kristopher\AppData\Local\{45222F64-B4F8-4C23-A032-719D109E314C}\install.rdf
c:\users\Kristopher\AppData\Roaming\AfELB1ivDoF5W7E
c:\users\Kristopher\AppData\Roaming\AfELB1ivDoF5W7E\System Security 2011.ico
c:\users\Kristopher\AppData\Roaming\cYCCwwkIVrlONx0Open Cloud AV.ico
c:\users\Kristopher\AppData\Roaming\FfRL9hTXqUeIrOy
c:\users\Kristopher\AppData\Roaming\FfRL9hTXqUeIrOy\System Security 2011.ico
c:\users\Kristopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Kristopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Kristopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\Kristopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011
c:\users\Kristopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2011\System Security 2011.lnk
c:\users\Kristopher\AppData\Roaming\QXqjeekIBrzONx0
c:\users\Kristopher\AppData\Roaming\QXqjeekIBrzONx0\System Security 2011.ico
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\00000004.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000004.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
c:\windows\system64
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\users\Kristopher\AppData\Local\temp
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 21:20 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 21:11 . 2011-10-26 21:11 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\ezPNcA1uvDo
2011-10-26 21:10 . 2011-10-26 21:31 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\kamH5sWJ7E8
2011-10-26 21:10 . 2011-10-26 21:10 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\nmH6sWJ7fLgZhCk
2011-10-26 21:10 . 2011-10-26 21:10 107520 ---ha-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 21:10 . 2011-10-26 21:10 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\EuvD2obF4m5Q6E8
2011-10-26 21:10 . 2011-10-26 21:10 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\DONtxP0uc1b3n4m
2011-10-26 18:34 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-26 18:34 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 18:34 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-26 18:34 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-26 18:34 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-26 18:34 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-26 18:34 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-26 18:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-26 18:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-26 18:34 . 2011-10-26 18:34 -------- d--h--w- c:\programdata\AVAST Software
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08 . 2011-10-26 17:08 -------- d--h--w- c:\users\Kristopher\AppData\Local\assembly
2011-10-26 17:07 . 2011-10-26 17:07 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\mTXqjYCekVzNx0c
2011-10-26 17:07 . 2011-10-26 17:07 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\opnG4aQH6W7E9Tq
2011-10-26 17:07 . 2011-10-26 21:31 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\KH6sWJ7fE8TqYwU
2011-10-26 17:07 . 2011-10-26 17:07 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\GxA1uvS2b3m5Q6W
2011-10-26 17:07 . 2011-10-26 17:07 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\ebF3pnG5aHdKfLg
2011-10-26 07:28 . 2011-10-27 01:00 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\7D37E
2011-10-26 07:28 . 2011-10-26 07:28 107520 ---ha-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 07:28 . 2011-10-27 02:11 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\CF67D
2011-10-26 07:28 . 2011-10-26 07:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\jmG5aQJ6dKfLh
2011-10-26 07:28 . 2011-10-26 07:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\Zy1SbF3pm5Q6W8R
2011-10-26 07:27 . 2011-10-27 01:00 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\UWJ7dEL8gZhXkV
2011-10-26 07:27 . 2011-10-26 07:27 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\w4am6sWJ7E8Tq
2011-10-26 06:47 . 2011-10-26 18:11 -------- d-----w- c:\program files (x86)\7D37E
2011-10-26 06:46 . 2011-10-26 06:46 -------- d-----w- c:\program files (x86)\LP
2011-10-26 05:43 . 2011-10-26 05:44 315702 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-26 05:21 . 2011-10-27 21:33 315702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-05 00:39 . 2011-10-05 00:39 -------- d--h--w- c:\windows\Sun
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\LRRZ9hhTXwjClIr
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\CxxxA11uvS2oF3
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\hdEEKK8fRZ9h
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\uzzzPNNyxA1vSob
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\JzzzPNNyxA1uS2b
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\wKK88fRRZhTwjCe
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\yUUCCelIIBzPNxA
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:40 . 2011-10-03 22:40 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\B999hTTXqjUCkIr
2011-10-03 22:38 . 2011-10-03 22:38 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\zVVellIBtz
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\vnnnF44amH5sJ
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\hGG44amHH6WJ7E8
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\uCCwwkUVr
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\vkkkUVVrlOBtP0c
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\I3oonnF4amH5WJd
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\PwwjjUVVelI
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\fQQJJ6ddEK
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\cRRZZ9hTXwjU
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\LCCeelIBBzPNyA
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\qpmmmG5aQ
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\h999hTTXqjUCkIr
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\DkkkIIBrzONyA0v
2011-10-03 22:37 . 2011-10-03 22:37 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\oeeekIIVrzOtxA
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\C11uuvSS2oF
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\hsJJ7ddEK
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\y33oonFF4aH5sJ7
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\oJJJ7ddEL8gqYXk
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\OccSS1ivD3
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\pddEEK8ggR9hYwU
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\rH55ssQJ7dEK
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\AivvDD2onF4pH5Q
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\zQQJJ7ddEKgRZhY
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\yFFF4ppmG5s
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\hPPPNyyxA1uv
2011-10-03 22:36 . 2011-10-03 22:36 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\wWWWK88fR9hTqjC
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\vGGG5ssQJ6
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\V11uuvSS2oF3
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\TTTTXqqjU
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\kFF44pmG5sQ6dK
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\PlOOBtycA2nm5Qd
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\WyccAA1ivD2oF4m
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\SwwjjUUVelItzNy
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\i88ffRLL9h
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\vBBrrzOONyx0uS2
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\eOOONyyxA0uS2b
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\EXqqjjYCekIVrOt
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\gD33ppnG4aQ
2011-10-03 22:34 . 2011-10-03 22:34 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\olllONNtxP0
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\n2oobbF3pmG5
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\H111uvvS2ob
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\x6ddWWK8fRL9TXj
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\JOONNyxxA0uS
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\FA000uvS2ibF
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\t33ppnGG4aQ6sK7
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\JgTTZZqjYCwkVrO
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\YEEEL99gTZqjC
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\lccSS1iib
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\UYYYCwwkUVrlBtP
2011-10-03 22:33 . 2011-10-03 22:33 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\OF44aamH5sWJdE8
2011-10-03 22:31 . 2011-10-03 22:31 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\AuuuvDD2obFpm5s
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\bjYYCCekIVr
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\lSS22ibbD3pG4QH
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\zttxxP00ycSiv3n
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\IgRRZZqhYXwkUeO
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\gddEEK8ggR9
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\Y55ssQJJ6dE8fZ9
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\qG55ssQJ6dEK
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\rBBBrzzPN
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\AWWWK88fRL9hXqU
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\r00uuvSS2ib3pG5
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\EwwkkIVrrlNtx0u
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\D7ffEEL8gTZqYCk
2011-10-03 22:30 . 2011-10-03 22:30 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\donnFF4amH5sJ7E
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\pJJJ6ddEK8fR9hX
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\nUCCeelIBrzPyx1
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\PooobFF3pmGaQJ
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\fIIBBrzOOyxA0
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\J77ffEL9gTZq
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\QkIIVVrlONtx0uS
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\fammHH6sWJ7fE
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\dZqqhhYCwkUVrOt
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\JaammH55sWJdE8g
2011-10-03 22:28 . 2011-10-03 22:28 -------- d--h--w- c:\users\Kristopher\AppData\Roaming\F11iivD3o
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 466944 ---ha-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll" [2010-08-16 466944]
.
[HKEY_CLASSES_ROOT\clsid\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2010-06-29 1776640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-08-19 77824]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-15 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bart Station"="c:\program files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" [2010-07-15 25936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 16:11 146928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-09-21 517632]
R2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
R2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-09-18 139808]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-27 c:\windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 664576 ---ha-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll" [2010-08-16 664576]
.
[HKEY_CLASSES_ROOT\CLSID\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6453760]
"Skytel"="Skytel.exe" [2008-09-18 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-19 152576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.my.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
Trusted Zone: $talisma_url$
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-saXsAQWSemKq.exe - c:\programdata\saXsAQWSemKq.exe
Wow6432Node-HKU-Default-Run-volmgr - c:\windows\system32\config\systemprofile\AppData\Local\volmgr.exe
AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-27 14:55:09
ComboFix-quarantined-files.txt 2011-10-27 21:55
.
Pre-Run: 64,710,361,088 bytes free
Post-Run: 64,601,169,920 bytes free
.
- - End Of File - - 6A58C15F62214111AF1EB3DDDCE87138
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\users\Kristopher\AppData\Roaming\DONtxP0uc1b3n4m
c:\users\Kristopher\AppData\Roaming\EuvD2obF4m5Q6E8
c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
c:\users\Kristopher\AppData\Roaming\nmH6sWJ7fLgZhCk
c:\users\Kristopher\AppData\Roaming\kamH5sWJ7E8
c:\users\Kristopher\AppData\Roaming\ezPNcA1uvDo
c:\users\Kristopher\AppData\Roaming\w4am6sWJ7E8Tq
c:\users\Kristopher\AppData\Roaming\UWJ7dEL8gZhXkV
c:\users\Kristopher\AppData\Roaming\Zy1SbF3pm5Q6W8R
c:\users\Kristopher\AppData\Roaming\jmG5aQJ6dKfLh
c:\users\Kristopher\AppData\Roaming\CF67D
c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
c:\users\Kristopher\AppData\Roaming\7D37E
c:\users\Kristopher\AppData\Roaming\ebF3pnG5aHdKfLg
c:\users\Kristopher\AppData\Roaming\GxA1uvS2b3m5Q6W
c:\users\Kristopher\AppData\Roaming\KH6sWJ7fE8TqYwU
c:\users\Kristopher\AppData\Roaming\opnG4aQH6W7E9Tq
c:\users\Kristopher\AppData\Roaming\mTXqjYCekVzNx0c
c:\users\Kristopher\AppData\Roaming\yUUCCelIIBzPNxA
c:\users\Kristopher\AppData\Roaming\wKK88fRRZhTwjCe
c:\users\Kristopher\AppData\Roaming\JzzzPNNyxA1uS2b
c:\users\Kristopher\AppData\Roaming\uzzzPNNyxA1vSob
c:\users\Kristopher\AppData\Roaming\hdEEKK8fRZ9h
c:\users\Kristopher\AppData\Roaming\CxxxA11uvS2oF3
c:\users\Kristopher\AppData\Roaming\LRRZ9hhTXwjClIr
c:\users\Kristopher\AppData\Roaming\OccSS1ivD3
c:\users\Kristopher\AppData\Roaming\oJJJ7ddEL8gqYXk
c:\users\Kristopher\AppData\Roaming\y33oonFF4aH5sJ7
c:\users\Kristopher\AppData\Roaming\hsJJ7ddEK
c:\users\Kristopher\AppData\Roaming\C11uuvSS2oF
c:\users\Kristopher\AppData\Roaming\oeeekIIVrzOtxA
c:\users\Kristopher\AppData\Roaming\DkkkIIBrzONyA0v
c:\users\Kristopher\AppData\Roaming\h999hTTXqjUCkIr
c:\users\Kristopher\AppData\Roaming\qpmmmG5aQ
c:\users\Kristopher\AppData\Roaming\LCCeelIBBzPNyA
c:\users\Kristopher\AppData\Roaming\cRRZZ9hTXwjU
c:\users\Kristopher\AppData\Roaming\fQQJJ6ddEK
c:\users\Kristopher\AppData\Roaming\PwwjjUVVelI
c:\users\Kristopher\AppData\Roaming\I3oonnF4amH5WJd
c:\users\Kristopher\AppData\Roaming\vkkkUVVrlOBtP0c
c:\users\Kristopher\AppData\Roaming\uCCwwkUVr
c:\users\Kristopher\AppData\Roaming\hGG44amHH6WJ7E8
c:\users\Kristopher\AppData\Roaming\vnnnF44amH5sJ
c:\users\Kristopher\AppData\Roaming\zVVellIBtz
c:\users\Kristopher\AppData\Roaming\B999hTTXqjUCkIr
c:\users\Kristopher\AppData\Roaming\vGGG5ssQJ6
c:\users\Kristopher\AppData\Roaming\wWWWK88fR9hTqjC
c:\users\Kristopher\AppData\Roaming\hPPPNyyxA1uv
c:\users\Kristopher\AppData\Roaming\yFFF4ppmG5s
c:\users\Kristopher\AppData\Roaming\zQQJJ7ddEKgRZhY
c:\users\Kristopher\AppData\Roaming\AivvDD2onF4pH5Q
c:\users\Kristopher\AppData\Roaming\rH55ssQJ7dEK
c:\users\Kristopher\AppData\Roaming\pddEEK8ggR9hYwU
c:\users\Kristopher\AppData\Roaming\V11uuvSS2oF3
c:\users\Kristopher\AppData\Roaming\FA000uvS2ibF
c:\users\Kristopher\AppData\Roaming\JOONNyxxA0uS
c:\users\Kristopher\AppData\Roaming\x6ddWWK8fRL9TXj
c:\users\Kristopher\AppData\Roaming\H111uvvS2ob
c:\users\Kristopher\AppData\Roaming\n2oobbF3pmG5
c:\users\Kristopher\AppData\Roaming\olllONNtxP0
c:\users\Kristopher\AppData\Roaming\gD33ppnG4aQ
c:\users\Kristopher\AppData\Roaming\EXqqjjYCekIVrOt
c:\users\Kristopher\AppData\Roaming\eOOONyyxA0uS2b
c:\users\Kristopher\AppData\Roaming\vBBrrzOONyx0uS2
c:\users\Kristopher\AppData\Roaming\i88ffRLL9h
c:\users\Kristopher\AppData\Roaming\SwwjjUUVelItzNy
c:\users\Kristopher\AppData\Roaming\WyccAA1ivD2oF4m
c:\users\Kristopher\AppData\Roaming\PlOOBtycA2nm5Qd
c:\users\Kristopher\AppData\Roaming\kFF44pmG5sQ6dK
c:\users\Kristopher\AppData\Roaming\TTTTXqqjU
c:\users\Kristopher\AppData\Roaming\F11iivD3o
c:\users\Kristopher\AppData\Roaming\JaammH55sWJdE8g
c:\users\Kristopher\AppData\Roaming\dZqqhhYCwkUVrOt
c:\users\Kristopher\AppData\Roaming\fammHH6sWJ7fE
c:\users\Kristopher\AppData\Roaming\QkIIVVrlONtx0uS
c:\users\Kristopher\AppData\Roaming\J77ffEL9gTZq
c:\users\Kristopher\AppData\Roaming\fIIBBrzOOyxA0
c:\users\Kristopher\AppData\Roaming\PooobFF3pmGaQJ
c:\users\Kristopher\AppData\Roaming\nUCCeelIBrzPyx1
c:\users\Kristopher\AppData\Roaming\pJJJ6ddEK8fR9hX
c:\users\Kristopher\AppData\Roaming\donnFF4amH5sJ7E
c:\users\Kristopher\AppData\Roaming\D7ffEEL8gTZqYCk
c:\users\Kristopher\AppData\Roaming\EwwkkIVrrlNtx0u
c:\users\Kristopher\AppData\Roaming\r00uuvSS2ib3pG5
c:\users\Kristopher\AppData\Roaming\AWWWK88fRL9hXqU
c:\users\Kristopher\AppData\Roaming\rBBBrzzPN
c:\users\Kristopher\AppData\Roaming\qG55ssQJ6dEK
c:\users\Kristopher\AppData\Roaming\Y55ssQJJ6dE8fZ9
c:\users\Kristopher\AppData\Roaming\gddEEK8ggR9
c:\users\Kristopher\AppData\Roaming\IgRRZZqhYXwkUeO
c:\users\Kristopher\AppData\Roaming\zttxxP00ycSiv3n
c:\users\Kristopher\AppData\Roaming\lSS22ibbD3pG4QH
c:\users\Kristopher\AppData\Roaming\bjYYCCekIVr
c:\users\Kristopher\AppData\Roaming\AuuuvDD2obFpm5s
c:\users\Kristopher\AppData\Roaming\OF44aamH5sWJdE8
c:\users\Kristopher\AppData\Roaming\UYYYCwwkUVrlBtP
c:\users\Kristopher\AppData\Roaming\lccSS1iib
c:\users\Kristopher\AppData\Roaming\YEEEL99gTZqjC
c:\users\Kristopher\AppData\Roaming\JgTTZZqjYCwkVrO
c:\users\Kristopher\AppData\Roaming\t33ppnGG4aQ6sK7


DDS::
Trusted Zone: $talisma_url$
Trusted Zone: netzero.com
Trusted Zone: netzero.net

FireFox::
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: network.proxy.http_port - 55192


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
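For readers following along: the CFScript above is built by reading the ComboFix "Reg Loading Points", "ORPHANS REMOVED" and Supplementary Scan lines and picking out autostart targets in user-writable locations or pointing at a DLL, Trusted Zone entries, and a Firefox proxy aimed at the local machine. The script below is an added example of that triage logic; it is not from this thread and not ComboFix's own code, the directory and system-name heuristics are the example's own assumptions, and the sample lines are copied from the log shapes posted here.

```python
import re
from typing import Dict, List

# Line shapes as they appear in the ComboFix logs posted in this thread.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
ORPHAN = re.compile(r'^Wow6432Node-HK\w+-.*Run-(?P<name>\S+) - (?P<target>.+)$')
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<key>[\w.]+) - (?P<value>.+)$')
TRUSTED = re.compile(r'^Trusted Zone: (?P<host>.+)$')

# Assumed heuristics (this example's own, not ComboFix's): directories a
# machine-wide autostart rarely needs, and Windows component names that
# malware borrows to blend in.
USER_WRITABLE = (r'\appdata\roaming', r'\appdata\local', r'\programdata',
                 r'\config\systemprofile', r'\users\public')
SYSTEM_NAMES = {'volmgr', 'svchost', 'csrss', 'lsass', 'winlogon', 'explorer'}
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32', r'c:\windows\system32\drivers'}


def autostart_reasons(target: str) -> List[str]:
    """Why an autostart target (Run value or orphaned Run entry) looks wrong."""
    t = target.lower()
    directory, _, filename = t.rpartition('\\')
    stem = filename.rsplit('.', 1)[0]
    reasons = []
    if t.endswith('.dll'):
        reasons.append('Run value targets a DLL rather than an executable')
    if any(d in t for d in USER_WRITABLE):
        reasons.append('target lives in a user-writable profile or data directory')
    if stem in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append('borrows a Windows component name outside its normal location')
    return reasons


def firefox_reasons(key: str, value: str) -> List[str]:
    """prefs.js settings that explain the 'redirected no matter what' symptom."""
    if key == 'network.proxy.http' and value.strip() in ('127.0.0.1', 'localhost'):
        return ['browser proxy points at this machine: traffic is intercepted locally']
    if key == 'network.proxy.http_port':
        return ['explicit proxy port set; reset together with the proxy host']
    return []


def trusted_reasons(host: str) -> List[str]:
    """Every Trusted Zone entry relaxes IE protections, so each one is reviewed."""
    reasons = ['Trusted Zone entry relaxes IE protections for this host; confirm it was intended']
    if not re.fullmatch(r'[a-z0-9.-]+', host.lower()):
        reasons.append('not a valid host name (looks like a template placeholder)')
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per suspicious log line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            name, reasons = m.group('name'), autostart_reasons(m.group('target'))
        elif (m := FF_PREF.match(line)):
            name, reasons = m.group('key'), firefox_reasons(m.group('key'), m.group('value'))
        elif (m := TRUSTED.match(line)):
            name, reasons = m.group('host'), trusted_reasons(m.group('host'))
        else:
            continue
        if reasons:
            findings.append({'name': name, 'line': line, 'reasons': reasons})
    return findings


# Sample lines copied from the log shapes in this thread; one clean entry per
# category is included so the heuristics are seen to leave it alone.
SAMPLE_LOG = [
    r'"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]',
    r'"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]',
    r'Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe',
    r'Wow6432Node-HKLM-Run-saXsAQWSemKq.exe - c:\programdata\saXsAQWSemKq.exe',
    r'Wow6432Node-HKU-Default-Run-volmgr - c:\windows\system32\config\systemprofile\AppData\Local\volmgr.exe',
    'Trusted Zone: $talisma_url$',
    'Trusted Zone: netzero.com',
    'FF - prefs.js: network.proxy.http - 127.0.0.1',
    'FF - prefs.js: network.proxy.http_port - 55192',
    'FF - prefs.js: network.proxy.type - 0',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['name'])
        for r in f['reasons']:
            print('   -', r)
```

Running it lists exactly the entries the CFScript and the ORPHANS section dealt with, and leaves avast, WMPNSCFG and the proxy-type pref alone.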
 
Updated combofix log:

ComboFix 11-10-27.06 - Kristopher 10/28/2011 10:27:46.3.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.3259 [GMT -7:00]
Running from: c:\users\Kristopher\Desktop\ComboFix.exe
Command switches used :: c:\users\Kristopher\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kristopher\AppData\Roaming\7D37E
c:\users\Kristopher\AppData\Roaming\AivvDD2onF4pH5Q
c:\users\Kristopher\AppData\Roaming\AuuuvDD2obFpm5s
c:\users\Kristopher\AppData\Roaming\AWWWK88fRL9hXqU
c:\users\Kristopher\AppData\Roaming\B999hTTXqjUCkIr
c:\users\Kristopher\AppData\Roaming\bjYYCCekIVr
c:\users\Kristopher\AppData\Roaming\C11uuvSS2oF
c:\users\Kristopher\AppData\Roaming\CF67D
c:\users\Kristopher\AppData\Roaming\cRRZZ9hTXwjU
c:\users\Kristopher\AppData\Roaming\CxxxA11uvS2oF3
c:\users\Kristopher\AppData\Roaming\D7ffEEL8gTZqYCk
c:\users\Kristopher\AppData\Roaming\DkkkIIBrzONyA0v
c:\users\Kristopher\AppData\Roaming\donnFF4amH5sJ7E
c:\users\Kristopher\AppData\Roaming\DONtxP0uc1b3n4m
c:\users\Kristopher\AppData\Roaming\dZqqhhYCwkUVrOt
c:\users\Kristopher\AppData\Roaming\ebF3pnG5aHdKfLg
c:\users\Kristopher\AppData\Roaming\eOOONyyxA0uS2b
c:\users\Kristopher\AppData\Roaming\EuvD2obF4m5Q6E8
c:\users\Kristopher\AppData\Roaming\EwwkkIVrrlNtx0u
c:\users\Kristopher\AppData\Roaming\EXqqjjYCekIVrOt
c:\users\Kristopher\AppData\Roaming\ezPNcA1uvDo
c:\users\Kristopher\AppData\Roaming\F11iivD3o
c:\users\Kristopher\AppData\Roaming\FA000uvS2ibF
c:\users\Kristopher\AppData\Roaming\fammHH6sWJ7fE
c:\users\Kristopher\AppData\Roaming\fIIBBrzOOyxA0
c:\users\Kristopher\AppData\Roaming\fQQJJ6ddEK
c:\users\Kristopher\AppData\Roaming\gD33ppnG4aQ
c:\users\Kristopher\AppData\Roaming\gddEEK8ggR9
c:\users\Kristopher\AppData\Roaming\GxA1uvS2b3m5Q6W
c:\users\Kristopher\AppData\Roaming\H111uvvS2ob
c:\users\Kristopher\AppData\Roaming\h999hTTXqjUCkIr
c:\users\Kristopher\AppData\Roaming\hdEEKK8fRZ9h
c:\users\Kristopher\AppData\Roaming\hGG44amHH6WJ7E8
c:\users\Kristopher\AppData\Roaming\hPPPNyyxA1uv
c:\users\Kristopher\AppData\Roaming\hsJJ7ddEK
c:\users\Kristopher\AppData\Roaming\I3oonnF4amH5WJd
c:\users\Kristopher\AppData\Roaming\i88ffRLL9h
c:\users\Kristopher\AppData\Roaming\IgRRZZqhYXwkUeO
c:\users\Kristopher\AppData\Roaming\J77ffEL9gTZq
c:\users\Kristopher\AppData\Roaming\JaammH55sWJdE8g
c:\users\Kristopher\AppData\Roaming\JgTTZZqjYCwkVrO
c:\users\Kristopher\AppData\Roaming\jmG5aQJ6dKfLh
c:\users\Kristopher\AppData\Roaming\JOONNyxxA0uS
c:\users\Kristopher\AppData\Roaming\JzzzPNNyxA1uS2b
c:\users\Kristopher\AppData\Roaming\kamH5sWJ7E8
c:\users\Kristopher\AppData\Roaming\kFF44pmG5sQ6dK
c:\users\Kristopher\AppData\Roaming\KH6sWJ7fE8TqYwU
c:\users\Kristopher\AppData\Roaming\LCCeelIBBzPNyA
c:\users\Kristopher\AppData\Roaming\lccSS1iib
c:\users\Kristopher\AppData\Roaming\LRRZ9hhTXwjClIr
c:\users\Kristopher\AppData\Roaming\lSS22ibbD3pG4QH
c:\users\Kristopher\AppData\Roaming\mTXqjYCekVzNx0c
c:\users\Kristopher\AppData\Roaming\n2oobbF3pmG5
c:\users\Kristopher\AppData\Roaming\nmH6sWJ7fLgZhCk
c:\users\Kristopher\AppData\Roaming\nUCCeelIBrzPyx1
c:\users\Kristopher\AppData\Roaming\OccSS1ivD3
c:\users\Kristopher\AppData\Roaming\oeeekIIVrzOtxA
c:\users\Kristopher\AppData\Roaming\OF44aamH5sWJdE8
c:\users\Kristopher\AppData\Roaming\oJJJ7ddEL8gqYXk
c:\users\Kristopher\AppData\Roaming\olllONNtxP0
c:\users\Kristopher\AppData\Roaming\opnG4aQH6W7E9Tq
c:\users\Kristopher\AppData\Roaming\pddEEK8ggR9hYwU
c:\users\Kristopher\AppData\Roaming\pJJJ6ddEK8fR9hX
c:\users\Kristopher\AppData\Roaming\PlOOBtycA2nm5Qd
c:\users\Kristopher\AppData\Roaming\PooobFF3pmGaQJ
c:\users\Kristopher\AppData\Roaming\PwwjjUVVelI
c:\users\Kristopher\AppData\Roaming\qG55ssQJ6dEK
c:\users\Kristopher\AppData\Roaming\QkIIVVrlONtx0uS
c:\users\Kristopher\AppData\Roaming\qpmmmG5aQ
c:\users\Kristopher\AppData\Roaming\r00uuvSS2ib3pG5
c:\users\Kristopher\AppData\Roaming\rBBBrzzPN
c:\users\Kristopher\AppData\Roaming\rH55ssQJ7dEK
c:\users\Kristopher\AppData\Roaming\SwwjjUUVelItzNy
c:\users\Kristopher\AppData\Roaming\t33ppnGG4aQ6sK7
c:\users\Kristopher\AppData\Roaming\TTTTXqqjU
c:\users\Kristopher\AppData\Roaming\uCCwwkUVr
c:\users\Kristopher\AppData\Roaming\UWJ7dEL8gZhXkV
c:\users\Kristopher\AppData\Roaming\UYYYCwwkUVrlBtP
c:\users\Kristopher\AppData\Roaming\uzzzPNNyxA1vSob
c:\users\Kristopher\AppData\Roaming\V11uuvSS2oF3
c:\users\Kristopher\AppData\Roaming\vBBrrzOONyx0uS2
c:\users\Kristopher\AppData\Roaming\vGGG5ssQJ6
c:\users\Kristopher\AppData\Roaming\vkkkUVVrlOBtP0c
c:\users\Kristopher\AppData\Roaming\vnnnF44amH5sJ
c:\users\Kristopher\AppData\Roaming\w4am6sWJ7E8Tq
c:\users\Kristopher\AppData\Roaming\wKK88fRRZhTwjCe
c:\users\Kristopher\AppData\Roaming\wWWWK88fR9hTqjC
c:\users\Kristopher\AppData\Roaming\WyccAA1ivD2oF4m
c:\users\Kristopher\AppData\Roaming\x6ddWWK8fRL9TXj
c:\users\Kristopher\AppData\Roaming\y33oonFF4aH5sJ7
c:\users\Kristopher\AppData\Roaming\Y55ssQJJ6dE8fZ9
c:\users\Kristopher\AppData\Roaming\YEEEL99gTZqjC
c:\users\Kristopher\AppData\Roaming\yFFF4ppmG5s
c:\users\Kristopher\AppData\Roaming\yUUCCelIIBzPNxA
c:\users\Kristopher\AppData\Roaming\zQQJJ7ddEKgRZhY
c:\users\Kristopher\AppData\Roaming\zttxxP00ycSiv3n
c:\users\Kristopher\AppData\Roaming\zVVellIBtz
c:\users\Kristopher\AppData\Roaming\Zy1SbF3pm5Q6W8R
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 17:36 . 2011-10-28 17:36 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-28 17:36 . 2011-10-28 17:36 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-28 17:36 . 2011-10-28 17:36 -------- d-----w- c:\users\Kristopher\AppData\Local\temp
2011-10-28 17:36 . 2011-10-28 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 21:20 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 21:10 . 2011-10-26 21:10 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 18:34 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-26 18:34 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 18:34 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-26 18:34 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-26 18:34 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-26 18:34 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-26 18:34 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-26 18:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-26 18:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\programdata\AVAST Software
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\assembly
2011-10-26 07:28 . 2011-10-26 07:28 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 06:47 . 2011-10-26 18:11 -------- d-----w- c:\program files (x86)\7D37E
2011-10-26 06:46 . 2011-10-26 06:46 -------- d-----w- c:\program files (x86)\LP
2011-10-26 05:43 . 2011-10-26 05:44 315702 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-05 00:39 . 2011-10-05 00:39 -------- d-----w- c:\windows\Sun
2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\f55ssQJ7dE
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zyyycAA1ivDon
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\X77ddEKK8gZ9hXw
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ZUVVeelIBtzP
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\d5sssQJ6d
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kS22iibF3pn
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\tTTXXqjYYCkIVzN
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\HKK77fEEL9g
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\yIIVrllONtx0uc1
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\LuuucSS1ibD3nGa
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CKKK7ffEL9gZqYC
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\lxxPP0uucSib
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\wFF44ammH5sJ7EL
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\klllOOBtzP0yA1v
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\rTTXXwjjUClIBzP
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kGGG5aaQH6dK7f
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\iuuccS22ib3pn4a
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\JQQQH66sWK7EL9T
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Y11iibDD3oG4aH6
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\TCwwwkUVrlOBtPy
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\dmmHH5ssWJ7ELgR
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\RooonFF4pmH5QJd
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ONNNyxxA1u
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ElllIBBrzPNyA1v
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\j11uuvSS2oF3pG5
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\mCCeekIBBrONyA0
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\KaaaQHH6dWKfRLg
2011-10-03 22:28 . 2011-10-03 22:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\akkUUVrrlOtxP
2011-10-03 22:28 . 2011-10-03 22:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\OYYYXwwkUVeOBzP
2011-10-03 22:28 . 2011-10-03 22:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zhhYYXwkUVelOtP
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\h222iibD3pnG
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\LkkkIVVrlON
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ljjjYCCwkIVlOtx
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\c222ibbD3pnGaQ6
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ISSS2iibF3pG5QH
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\appnnG44aQHsW7f
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CwwkkIVVrlNtx0
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zG44aamH6s
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kOOBBtxxP0yS1vD
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\FsWWJJ7dEL8gRqY
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\gellOOBtzP0
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\EddE8gRZ9h
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kQQQJ66dEK8fZ9T
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\gEKK88fRZ9hTwjC
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\qxxAA1uvv2obFpG
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\DfRRLL9hTXq
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ySS22ibFF3nG5Q6
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\SbbbF33pnG5aH6W
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\oqqqjjYCwkIVlOt
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\gaaQQH66sWKfE9g
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\o00uucS11iD3oG4
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BkkUUVrrlOBxPyc
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\jH55sWWJ7dELgRq
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zRRRZqqhYXwUVlO
2011-10-03 22:09 . 2011-10-03 22:09 -------- d-----w- c:\users\Kristopher\AppData\Roaming\i666sWWK7fE9gZq
2011-10-03 22:09 . 2011-10-03 22:09 -------- d-----w- c:\users\Kristopher\AppData\Roaming\cYCCwwkIVrlONx0
2011-10-03 22:09 . 2011-10-04 17:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\x333pnnG4aQ6sK
2011-10-03 22:09 . 2011-10-03 22:09 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BYCCeekIVrzONx0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 466944 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll" [2010-08-16 466944]
.
[HKEY_CLASSES_ROOT\clsid\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2010-06-29 1776640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-08-19 77824]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-15 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bart Station"="c:\program files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" [2010-07-15 25936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 16:11 146928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-09-21 517632]
R2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
R2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-09-18 139808]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-27 c:\windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 664576 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll" [2010-08-16 664576]
.
[HKEY_CLASSES_ROOT\CLSID\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6453760]
"Skytel"="Skytel.exe" [2008-09-18 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-19 152576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.my.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-28 10:38:19
ComboFix-quarantined-files.txt 2011-10-28 17:38
ComboFix2.txt 2011-10-27 21:55
.
Pre-Run: 64,521,232,384 bytes free
Post-Run: 64,357,896,192 bytes free
.
- - End Of File - - E192114D344F9FFC373D570A9CA10A27
 
Something more serious is going on here.
It looks like possible ZeroAccess rootkit.

You never posted aswMBR log.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
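A small triage script for the ComboFix output pasted above, added here as an example; it is not part of the thread, of ComboFix, or of any other tool mentioned. It reads the Run-key values, the R*/S* service lines and the `FF - prefs.js` lines and flags the things a reviewer looks at first: autostart images living under a user profile or under LocalSystem's own profile (`system32\config\systemprofile`), a Firefox proxy pointed at 127.0.0.1, and a `keyword.URL` override that sends address-bar searches to a third-party host. Every hit is a "look closer" heuristic, not a verdict: a legitimate tool run from the Desktop, like the Malwarebytes copy in this log, trips the same check as a dropped DLL. The sample lines are constructed to mirror entries in the log above; the directory list and the known-search-host set are this example's own assumptions.

```python
"""Triage a ComboFix-style autostart/browser-prefs dump for hijack indicators.

Added example for this thread; it is not ComboFix, TDSSKiller or any other
tool mentioned above, and it only reads text. Every hit is a heuristic.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: vendor autostart images normally live under Program Files or
# Windows, not under these directories. Matching is case-insensitive substring.
SUSPECT_DIRS = (
    "c:\\users\\",                                      # any user profile
    "c:\\windows\\system32\\config\\systemprofile\\",   # LocalSystem's own profile
    "\\appdata\\",
    "\\temp\\",
)
# Assumption: search hosts a browser may legitimately be pointed at.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')          # "Name"="path" [...]
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)")  # R2 name;desc;path [...]
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<val>.*)$")

# Constructed sample, mirroring lines from the ComboFix log pasted above.
SAMPLE_LOG = r"""
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
R1 aswSnx;aswSnx; [x]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # run-entry | service | ff-proxy | ff-keyword-url
    name: str
    detail: str


def _suspect_location(path: str) -> bool:
    p = path.strip().lower()
    return any(d in p for d in SUSPECT_DIRS)


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; prefs-based findings come last."""
    findings: list[Finding] = []
    prefs: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            if _suspect_location(m["path"]):
                findings.append(Finding("run-entry", m["name"], m["path"]))
        elif m := SVC_RE.match(line):
            if _suspect_location(m["path"]):            # "[x]" entries have an empty path
                findings.append(Finding("service", m["name"].strip(), m["path"].strip()))
        elif m := FF_RE.match(line):
            prefs[m["key"]] = m["val"].strip()

    # A proxy on the loopback interface is a classic interception point.
    # network.proxy.type 0 means "direct", so the setting is present but not
    # in force; it is still reported because it should not be there at all.
    host = prefs.get("network.proxy.http", "")
    if host in ("127.0.0.1", "localhost"):
        active = prefs.get("network.proxy.type") == "1"
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("ff-proxy", host, f"port={port} active={active}"))

    # keyword.URL rewrites address-bar searches; an unknown host is a redirect.
    if kw := prefs.get("keyword.URL"):
        url = kw.replace("hxxp", "http", 1)            # undo the log's de-fanging
        kw_host = urlparse(url).hostname or ""
        if kw_host not in KNOWN_SEARCH_HOSTS:
            findings.append(Finding("ff-keyword-url", kw_host, kw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

Run against the sample it lists the two profile-resident Run entries, the Malwarebytes service started from the Desktop, the inactive loopback proxy on port 55192 and the vshare.toolbarhome.com search override; the avast and Akamai entries, which live under Program Files and Windows, are not reported.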
 
Hey there. I am not able to scan using the aswMBR program. Right after I press the scan button the computer will go to a blue screen; at the top of the screen it says DRIVER_IRQL_NOT_LESS_OR_EQUAL. I have tried to run the program in safe mode, in safe mode with networking and just in normal mode, all with the same results. I was getting this blue screen yesterday when I attempted to post the aswMBR log. Thanks for your time.
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05700000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
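A TDSSKiller log runs to hundreds of driver lines, nearly all of them `- ok`. The script below, added here as an example and not part of TDSSKiller or of this thread, pairs each `name (md5) path` line with its status line and reports only what a reviewer needs: every entry whose status is not `ok`, and any MD5 that appears under more than one driver name. The second check is a heuristic: the two Motorola entries in the log above (motmodem and motport) legitimately share a hash and TDSSKiller marks both ok, but an unexpected copy of a system driver under a different name would stand out the same way. The sample log is constructed to mirror the format pasted above; the `sampledrv` line and its `detected` status are invented solely to exercise the non-ok path, and real TDSSKiller status strings vary, which is why the script treats only the literal `ok` as clean.

```python
"""Summarise a TDSSKiller log: anything not "- ok", plus MD5s shared by
differently named driver files.

Added example for this thread; not part of TDSSKiller. The sample log is
constructed to mirror the format pasted above.
"""
import re
from collections import defaultdict

# "<time> <pid> <name> (<md5>) <path>"  then  "<time> <pid> <name> - <status>"
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<status>.+)$")

# Constructed sample. The first three drivers mirror lines from the log above;
# "sampledrv" and its status are invented to exercise the non-ok path.
SAMPLE_LOG = r"""
14:59:14.0490 2476 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
14:59:14.0502 2476 ACPI - ok
14:59:17.0360 2476 Beep - ok
14:59:25.0057 2476 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
14:59:25.0059 2476 motmodem - ok
14:59:25.0246 2476 motport (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motport.sys
14:59:25.0247 2476 motport - ok
14:59:30.0000 2476 sampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\sampledrv.sys
14:59:30.0001 2476 sampledrv - detected
"""


def parse(log_text: str) -> tuple[dict[str, dict], dict[str, str]]:
    """Return (entries keyed by driver name, status keyed by driver name).

    Entries without a hash line (e.g. "Beep - ok") appear only in status.
    """
    entries: dict[str, dict] = {}
    status: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"].strip()}
        elif m := STATUS_RE.match(line):
            status[m["name"]] = m["status"].strip()
    return entries, status


def not_ok(status: dict[str, str]) -> dict[str, str]:
    """Only the literal 'ok' counts as clean; anything else is surfaced."""
    return {name: s for name, s in status.items() if s != "ok"}


def shared_hashes(entries: dict[str, dict]) -> dict[str, list[str]]:
    """MD5 -> sorted driver names, for hashes seen under more than one name."""
    by_md5: dict[str, list[str]] = defaultdict(list)
    for name, entry in entries.items():
        by_md5[entry["md5"]].append(name)
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def summarize(log_text: str) -> dict:
    entries, status = parse(log_text)
    return {
        "scanned": len(status),
        "not_ok": not_ok(status),
        "shared_hashes": shared_hashes(entries),
        "missing_status": sorted(set(entries) - set(status)),  # hash line but no verdict
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample this reports four status lines scanned, `sampledrv` as the only non-ok entry, and the motmodem/motport hash pair; `missing_status` is empty. Paste a full log in place of the sample to get the same summary for a real scan.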
 
14:59:04.0123 4312 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
14:59:04.0708 4312 ============================================================
14:59:04.0708 4312 Current date / time: 2011/10/30 14:59:04.0708
14:59:04.0708 4312 SystemInfo:
14:59:04.0708 4312
14:59:04.0708 4312 OS Version: 6.0.6001 ServicePack: 1.0
14:59:04.0708 4312 Product type: Workstation
14:59:04.0708 4312 ComputerName: KRISTOPHER-PC
14:59:04.0708 4312 UserName: Kristopher
14:59:04.0708 4312 Windows directory: C:\Windows
14:59:04.0708 4312 System windows directory: C:\Windows
14:59:04.0708 4312 Running under WOW64
14:59:04.0708 4312 Processor architecture: Intel x64
14:59:04.0708 4312 Number of processors: 2
14:59:04.0708 4312 Page size: 0x1000
14:59:04.0708 4312 Boot type: Normal boot
14:59:04.0708 4312 ============================================================
14:59:06.0254 4312 Initialize success
14:59:13.0094 2476 ============================================================
14:59:13.0094 2476 Scan started
14:59:13.0094 2476 Mode: Manual;
14:59:13.0095 2476 ============================================================
14:59:14.0490 2476 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
14:59:14.0502 2476 ACPI - ok
14:59:14.0661 2476 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:59:14.0692 2476 adp94xx - ok
14:59:14.0791 2476 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:59:14.0815 2476 adpahci - ok
14:59:14.0866 2476 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:59:14.0869 2476 adpu160m - ok
14:59:14.0963 2476 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:59:14.0967 2476 adpu320 - ok
14:59:15.0068 2476 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
14:59:15.0075 2476 AFD - ok
14:59:15.0439 2476 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:59:15.0454 2476 agp440 - ok
14:59:15.0540 2476 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:59:15.0542 2476 aic78xx - ok
14:59:15.0622 2476 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
14:59:15.0641 2476 aliide - ok
14:59:15.0709 2476 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:59:15.0710 2476 amdide - ok
14:59:15.0763 2476 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:59:15.0765 2476 AmdK8 - ok
14:59:15.0837 2476 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:59:15.0841 2476 ApfiltrService - ok
14:59:15.0955 2476 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:59:15.0958 2476 arc - ok
14:59:16.0001 2476 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:59:16.0017 2476 arcsas - ok
14:59:16.0095 2476 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
14:59:16.0111 2476 aswFsBlk - ok
14:59:16.0165 2476 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
14:59:16.0184 2476 aswMonFlt - ok
14:59:16.0242 2476 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
14:59:16.0250 2476 aswRdr - ok
14:59:16.0375 2476 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
14:59:16.0390 2476 aswSnx - ok
14:59:16.0452 2476 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
14:59:16.0457 2476 aswSP - ok
14:59:16.0583 2476 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
14:59:16.0584 2476 aswTdi - ok
14:59:16.0642 2476 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:59:16.0650 2476 AsyncMac - ok
14:59:16.0698 2476 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
14:59:16.0699 2476 atapi - ok
14:59:17.0183 2476 atikmdag (6227b608760392992cd203ad929aa36c) C:\Windows\system32\DRIVERS\atikmdag.sys
14:59:17.0276 2476 atikmdag - ok
14:59:17.0360 2476 Beep - ok
14:59:17.0464 2476 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:59:17.0483 2476 blbdrive - ok
14:59:17.0565 2476 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
14:59:17.0576 2476 bowser - ok
14:59:17.0619 2476 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:59:17.0635 2476 BrFiltLo - ok
14:59:17.0690 2476 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:59:17.0699 2476 BrFiltUp - ok
14:59:17.0804 2476 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:59:17.0807 2476 Brserid - ok
14:59:17.0905 2476 BrSerIf (132b32d4b0ec649edbf4123455237e6d) C:\Windows\system32\DRIVERS\BrSerIf.sys
14:59:17.0908 2476 BrSerIf - ok
14:59:17.0977 2476 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:59:18.0001 2476 BrSerWdm - ok
14:59:18.0052 2476 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:59:18.0065 2476 BrUsbMdm - ok
14:59:18.0114 2476 BrUsbSer (d014919fbcccf077aa4ba0a0e5ba713b) C:\Windows\system32\DRIVERS\BrUsbSer.sys
14:59:18.0115 2476 BrUsbSer - ok
14:59:18.0188 2476 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
14:59:18.0200 2476 BTCFilterService - ok
14:59:18.0280 2476 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
14:59:18.0281 2476 BthEnum - ok
14:59:18.0376 2476 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:59:18.0378 2476 BTHMODEM - ok
14:59:18.0422 2476 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
14:59:18.0423 2476 BthPan - ok
14:59:18.0486 2476 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys
14:59:18.0491 2476 BTHPORT - ok
14:59:18.0533 2476 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys
14:59:18.0535 2476 BTHUSB - ok
14:59:18.0611 2476 btwaudio (243661bc849eb1a7ad141680ae62886a) C:\Windows\system32\drivers\btwaudio.sys
14:59:18.0614 2476 btwaudio - ok
14:59:18.0665 2476 btwavdt (89c6567ebd92bbd2961c634604d6670f) C:\Windows\system32\drivers\btwavdt.sys
14:59:18.0668 2476 btwavdt - ok
14:59:18.0732 2476 btwl2cap (09baf40735007bde7dd95830afcefd26) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:59:18.0739 2476 btwl2cap - ok
14:59:18.0789 2476 btwrchid (2bbf56e2114fabf63c3d00828fc3c86c) C:\Windows\system32\DRIVERS\btwrchid.sys
14:59:18.0801 2476 btwrchid - ok
14:59:18.0803 2476 catchme - ok
14:59:18.0859 2476 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:59:18.0860 2476 cdfs - ok
14:59:18.0931 2476 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
14:59:18.0934 2476 cdrom - ok
14:59:19.0052 2476 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:59:19.0073 2476 circlass - ok
14:59:19.0133 2476 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
14:59:19.0139 2476 CLFS - ok
14:59:19.0307 2476 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
14:59:19.0308 2476 CmBatt - ok
14:59:19.0427 2476 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:59:19.0439 2476 cmdide - ok
14:59:19.0464 2476 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
14:59:19.0465 2476 Compbatt - ok
14:59:19.0477 2476 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:59:19.0480 2476 crcdisk - ok
14:59:19.0585 2476 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
14:59:19.0587 2476 DfsC - ok
14:59:19.0697 2476 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
14:59:19.0706 2476 disk - ok
14:59:19.0734 2476 DMICall - ok
14:59:19.0875 2476 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
14:59:19.0876 2476 Dot4 - ok
14:59:19.0928 2476 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:59:19.0929 2476 Dot4Print - ok
14:59:19.0970 2476 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
14:59:19.0971 2476 dot4usb - ok
14:59:20.0077 2476 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:59:20.0078 2476 drmkaud - ok
14:59:20.0263 2476 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
14:59:20.0295 2476 DXGKrnl - ok
14:59:20.0366 2476 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:59:20.0369 2476 E1G60 - ok
14:59:20.0434 2476 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
14:59:20.0438 2476 Ecache - ok
14:59:20.0652 2476 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:59:20.0672 2476 elxstor - ok
14:59:20.0746 2476 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
14:59:20.0762 2476 ErrDev - ok
14:59:20.0868 2476 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
14:59:20.0872 2476 exfat - ok
14:59:20.0918 2476 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
14:59:20.0922 2476 fastfat - ok
14:59:20.0974 2476 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:59:20.0991 2476 fdc - ok
14:59:21.0071 2476 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:59:21.0073 2476 FileInfo - ok
14:59:21.0114 2476 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:59:21.0116 2476 Filetrace - ok
14:59:21.0140 2476 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:59:21.0141 2476 flpydisk - ok
14:59:21.0154 2476 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
14:59:21.0158 2476 FltMgr - ok
14:59:21.0183 2476 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
14:59:21.0184 2476 Fs_Rec - ok
14:59:21.0214 2476 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:59:21.0216 2476 gagp30kx - ok
14:59:21.0266 2476 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:59:21.0267 2476 GEARAspiWDM - ok
14:59:21.0374 2476 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
14:59:21.0383 2476 HdAudAddService - ok
14:59:21.0557 2476 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:59:21.0558 2476 HDAudBus - ok
14:59:21.0610 2476 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:59:21.0613 2476 HidBth - ok
14:59:21.0654 2476 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:59:21.0655 2476 HidIr - ok
14:59:21.0751 2476 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
14:59:21.0753 2476 HidUsb - ok
14:59:21.0856 2476 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:59:21.0865 2476 HpCISSs - ok
14:59:22.0066 2476 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:59:22.0071 2476 HSFHWAZL - ok
14:59:22.0225 2476 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:59:22.0247 2476 HSF_DPV - ok
14:59:22.0380 2476 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
14:59:22.0391 2476 HTTP - ok
14:59:22.0499 2476 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:59:22.0526 2476 i2omp - ok
14:59:22.0576 2476 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:59:22.0584 2476 i8042prt - ok
14:59:22.0623 2476 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:59:22.0628 2476 iaStorV - ok
14:59:22.0771 2476 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:59:22.0780 2476 iirsp - ok
14:59:22.0898 2476 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys
14:59:22.0920 2476 IntcAzAudAddService - ok
14:59:23.0045 2476 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:59:23.0063 2476 intelide - ok
14:59:23.0125 2476 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:59:23.0126 2476 intelppm - ok
14:59:23.0200 2476 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:59:23.0202 2476 IpFilterDriver - ok
14:59:23.0234 2476 IpInIp - ok
14:59:23.0266 2476 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:59:23.0285 2476 IPMIDRV - ok
14:59:23.0337 2476 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:59:23.0365 2476 IPNAT - ok
14:59:23.0501 2476 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:59:23.0502 2476 IRENUM - ok
14:59:23.0556 2476 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:59:23.0568 2476 isapnp - ok
14:59:23.0590 2476 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
14:59:23.0593 2476 iScsiPrt - ok
14:59:23.0650 2476 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:59:23.0664 2476 iteatapi - ok
14:59:23.0723 2476 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:59:23.0734 2476 iteraid - ok
14:59:23.0786 2476 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:59:23.0792 2476 kbdclass - ok
14:59:23.0848 2476 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:59:23.0858 2476 kbdhid - ok
14:59:23.0942 2476 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
14:59:23.0951 2476 KSecDD - ok
14:59:24.0011 2476 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:59:24.0012 2476 ksthunk - ok
14:59:24.0071 2476 libusb0 - ok
14:59:24.0098 2476 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:59:24.0100 2476 lltdio - ok
14:59:24.0142 2476 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:59:24.0167 2476 LSI_FC - ok
14:59:24.0218 2476 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:59:24.0241 2476 LSI_SAS - ok
14:59:24.0289 2476 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:59:24.0310 2476 LSI_SCSI - ok
14:59:24.0382 2476 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:59:24.0383 2476 luafv - ok
14:59:24.0495 2476 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
14:59:24.0504 2476 MBAMProtector - ok
14:59:24.0654 2476 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:59:24.0656 2476 megasas - ok
14:59:24.0733 2476 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:59:24.0739 2476 MegaSR - ok
14:59:24.0789 2476 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:59:24.0790 2476 Modem - ok
14:59:24.0850 2476 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:59:24.0851 2476 monitor - ok
14:59:24.0975 2476 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\Windows\system32\DRIVERS\motccgp.sys
14:59:24.0990 2476 motccgp - ok
14:59:25.0029 2476 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
14:59:25.0030 2476 motccgpfl - ok
14:59:25.0057 2476 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
14:59:25.0059 2476 motmodem - ok
14:59:25.0155 2476 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
14:59:25.0156 2476 MotoSwitchService - ok
14:59:25.0197 2476 Motousbnet (db73ee608d06e415e0c4e777c6d7ba56) C:\Windows\system32\DRIVERS\Motousbnet.sys
14:59:25.0207 2476 Motousbnet - ok
14:59:25.0246 2476 motport (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motport.sys
14:59:25.0247 2476 motport - ok
14:59:25.0300 2476 motusbdevice (95a769d672627e10854e167c4746e91a) C:\Windows\system32\DRIVERS\motusbdevice.sys
14:59:25.0320 2476 motusbdevice - ok
14:59:25.0416 2476 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:59:25.0427 2476 mouclass - ok
14:59:25.0496 2476 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:59:25.0511 2476 mouhid - ok
14:59:25.0567 2476 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:59:25.0571 2476 MountMgr - ok
14:59:25.0669 2476 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:59:25.0671 2476 mpio - ok
14:59:25.0700 2476 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:59:25.0703 2476 mpsdrv - ok
14:59:25.0731 2476 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:59:25.0758 2476 Mraid35x - ok
14:59:25.0917 2476 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
14:59:25.0929 2476 MREMP50 - ok
14:59:26.0035 2476 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
14:59:26.0048 2476 MREMP50a64 - ok
14:59:26.0052 2476 MREMPR5 - ok
14:59:26.0058 2476 MRENDIS5 - ok
14:59:26.0103 2476 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
14:59:26.0121 2476 MRESP50 - ok
14:59:26.0174 2476 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
14:59:26.0176 2476 MRESP50a64 - ok
14:59:26.0261 2476 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
14:59:26.0264 2476 MRxDAV - ok
14:59:26.0333 2476 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:59:26.0336 2476 mrxsmb - ok
14:59:26.0431 2476 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:59:26.0446 2476 mrxsmb10 - ok
14:59:26.0493 2476 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:59:26.0508 2476 mrxsmb20 - ok
14:59:26.0532 2476 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
14:59:26.0533 2476 msahci - ok
14:59:26.0570 2476 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:59:26.0590 2476 msdsm - ok
14:59:26.0677 2476 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:59:26.0683 2476 Msfs - ok
14:59:26.0709 2476 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:59:26.0711 2476 msisadrv - ok
14:59:26.0750 2476 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:59:26.0751 2476 MSKSSRV - ok
14:59:26.0787 2476 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:59:26.0788 2476 MSPCLOCK - ok
14:59:26.0810 2476 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:59:26.0812 2476 MSPQM - ok
14:59:26.0834 2476 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
14:59:26.0838 2476 MsRPC - ok
14:59:26.0875 2476 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:59:26.0877 2476 mssmbios - ok
14:59:26.0950 2476 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:59:26.0951 2476 MSTEE - ok
14:59:27.0002 2476 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
14:59:27.0009 2476 Mup - ok
14:59:27.0122 2476 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
14:59:27.0125 2476 NativeWifiP - ok
14:59:27.0189 2476 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
14:59:27.0198 2476 NDIS - ok
14:59:27.0207 2476 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:59:27.0208 2476 NdisTapi - ok
14:59:27.0238 2476 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:59:27.0239 2476 Ndisuio - ok
14:59:27.0254 2476 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
14:59:27.0258 2476 NdisWan - ok
14:59:27.0280 2476 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:59:27.0282 2476 NDProxy - ok
14:59:27.0329 2476 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:59:27.0331 2476 NetBIOS - ok
14:59:27.0400 2476 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
14:59:27.0404 2476 netbt - ok
14:59:27.0806 2476 NETw5v64 (263796d4f50df61c0c7ca86f746b5767) C:\Windows\system32\DRIVERS\NETw5v64.sys
14:59:27.0917 2476 NETw5v64 - ok
14:59:28.0032 2476 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:59:28.0047 2476 nfrd960 - ok
14:59:28.0100 2476 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
14:59:28.0111 2476 Npfs - ok
14:59:28.0123 2476 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:59:28.0125 2476 nsiproxy - ok
14:59:28.0210 2476 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
14:59:28.0232 2476 Ntfs - ok
14:59:28.0287 2476 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:59:28.0296 2476 Null - ok
14:59:28.0363 2476 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:59:28.0379 2476 nvraid - ok
14:59:28.0441 2476 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:59:28.0467 2476 nvstor - ok
14:59:28.0510 2476 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:59:28.0513 2476 nv_agp - ok
14:59:28.0522 2476 NwlnkFlt - ok
14:59:28.0532 2476 NwlnkFwd - ok
14:59:28.0588 2476 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
14:59:28.0589 2476 ohci1394 - ok
14:59:28.0676 2476 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:59:28.0678 2476 Parport - ok
14:59:28.0690 2476 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
14:59:28.0692 2476 partmgr - ok
14:59:28.0731 2476 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
14:59:28.0738 2476 pci - ok
14:59:28.0804 2476 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
14:59:28.0806 2476 pciide - ok
14:59:28.0911 2476 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:59:28.0931 2476 pcmcia - ok
14:59:28.0959 2476 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:59:28.0972 2476 PEAUTH - ok
14:59:29.0114 2476 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
14:59:29.0117 2476 PptpMiniport - ok
14:59:29.0199 2476 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:59:29.0218 2476 Processor - ok
14:59:29.0379 2476 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
14:59:29.0389 2476 PSched - ok
14:59:29.0488 2476 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:59:29.0507 2476 ql2300 - ok
14:59:29.0606 2476 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:59:29.0633 2476 ql40xx - ok
14:59:29.0692 2476 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:59:29.0705 2476 QWAVEdrv - ok
14:59:29.0727 2476 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:59:29.0730 2476 RasAcd - ok
14:59:29.0835 2476 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:59:29.0844 2476 Rasl2tp - ok
14:59:29.0879 2476 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
14:59:29.0881 2476 RasPppoe - ok
14:59:29.0894 2476 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
14:59:29.0896 2476 RasSstp - ok
14:59:29.0939 2476 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
14:59:29.0944 2476 rdbss - ok
14:59:29.0955 2476 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:59:29.0957 2476 RDPCDD - ok
14:59:30.0048 2476 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:59:30.0075 2476 rdpdr - ok
14:59:30.0247 2476 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:59:30.0248 2476 RDPENCDD - ok
14:59:30.0323 2476 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
14:59:30.0330 2476 RDPWD - ok
14:59:30.0389 2476 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
14:59:30.0395 2476 regi - ok
14:59:30.0519 2476 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\Windows\system32\DRIVERS\rfcomm.sys
14:59:30.0524 2476 RFCOMM - ok
14:59:30.0555 2476 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:59:30.0558 2476 rspndr - ok
14:59:30.0681 2476 RTHDMIAzAudService (bff15b0d6b0567c88306b66dac264c41) C:\Windows\system32\drivers\RtHDMIVX.sys
14:59:30.0685 2476 RTHDMIAzAudService - ok
14:59:30.0772 2476 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:59:30.0796 2476 sbp2port - ok
14:59:30.0850 2476 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
14:59:30.0864 2476 sdbus - ok
14:59:30.0906 2476 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:59:30.0908 2476 secdrv - ok
14:59:30.0956 2476 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
14:59:30.0965 2476 Serenum - ok
14:59:31.0007 2476 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
14:59:31.0029 2476 Serial - ok
14:59:31.0075 2476 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:59:31.0077 2476 sermouse - ok
14:59:31.0311 2476 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
14:59:31.0337 2476 sffdisk - ok
14:59:31.0380 2476 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:59:31.0381 2476 sffp_mmc - ok
14:59:31.0394 2476 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:59:31.0395 2476 sffp_sd - ok
14:59:31.0419 2476 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:59:31.0421 2476 sfloppy - ok
14:59:31.0534 2476 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:59:31.0562 2476 Sftfs - ok
14:59:31.0698 2476 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:59:31.0703 2476 Sftplay - ok
14:59:31.0997 2476 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:59:31.0999 2476 Sftredir - ok
14:59:32.0250 2476 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:59:32.0251 2476 Sftvol - ok
14:59:32.0425 2476 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:59:32.0427 2476 SiSRaid2 - ok
14:59:32.0520 2476 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:59:32.0524 2476 SiSRaid4 - ok
14:59:32.0577 2476 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
14:59:32.0586 2476 Smb - ok
14:59:32.0604 2476 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
14:59:32.0606 2476 spldr - ok
14:59:32.0725 2476 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys
14:59:32.0725 2476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c
14:59:32.0727 2476 sptd ( LockedFile.Multi.Generic ) - warning
14:59:32.0727 2476 sptd - detected LockedFile.Multi.Generic (1)
14:59:32.0890 2476 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
14:59:32.0898 2476 srv - ok
14:59:32.0967 2476 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
14:59:32.0970 2476 srv2 - ok
14:59:32.0989 2476 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
14:59:32.0992 2476 srvnet - ok
14:59:33.0124 2476 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
14:59:33.0127 2476 SSPORT - ok
14:59:33.0223 2476 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:59:33.0225 2476 swenum - ok
14:59:33.0279 2476 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:59:33.0295 2476 Symc8xx - ok
14:59:33.0315 2476 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:59:33.0317 2476 Sym_hi - ok
14:59:33.0350 2476 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:59:33.0376 2476 Sym_u3 - ok
14:59:33.0526 2476 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
14:59:33.0549 2476 Tcpip - ok
14:59:33.0642 2476 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
14:59:33.0650 2476 Tcpip6 - ok
14:59:33.0701 2476 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
14:59:33.0703 2476 tcpipreg - ok
14:59:33.0734 2476 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:59:33.0736 2476 TDPIPE - ok
14:59:33.0793 2476 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:59:33.0807 2476 TDTCP - ok
14:59:33.0860 2476 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
14:59:33.0888 2476 tdx - ok
14:59:33.0935 2476 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
14:59:33.0938 2476 TermDD - ok
14:59:33.0984 2476 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:33.0986 2476 tssecsrv - ok
14:59:34.0056 2476 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:59:34.0057 2476 tunmp - ok
14:59:34.0167 2476 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
14:59:34.0177 2476 tunnel - ok
14:59:34.0256 2476 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:59:34.0272 2476 uagp35 - ok
14:59:34.0338 2476 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
14:59:34.0355 2476 udfs - ok
14:59:34.0393 2476 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:59:34.0396 2476 uliagpkx - ok
14:59:34.0448 2476 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:59:34.0454 2476 uliahci - ok
14:59:34.0580 2476 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:59:34.0590 2476 UlSata - ok
14:59:34.0645 2476 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:59:34.0660 2476 ulsata2 - ok
14:59:34.0699 2476 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:59:34.0701 2476 umbus - ok
14:59:34.0766 2476 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
14:59:34.0781 2476 UMPass - ok
14:59:34.0871 2476 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:59:34.0872 2476 USBAAPL64 - ok
14:59:34.0953 2476 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:34.0956 2476 usbccgp - ok
14:59:35.0034 2476 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:59:35.0036 2476 usbcir - ok
14:59:35.0080 2476 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
14:59:35.0086 2476 usbehci - ok
14:59:35.0140 2476 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
14:59:35.0145 2476 usbhub - ok
14:59:35.0190 2476 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
14:59:35.0192 2476 usbohci - ok
14:59:35.0260 2476 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:59:35.0261 2476 usbprint - ok
14:59:35.0341 2476 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:59:35.0342 2476 usbscan - ok
14:59:35.0403 2476 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:35.0406 2476 USBSTOR - ok
14:59:35.0538 2476 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:35.0539 2476 usbuhci - ok
14:59:35.0593 2476 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
14:59:35.0607 2476 usbvideo - ok
14:59:35.0650 2476 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:35.0666 2476 vga - ok
14:59:35.0711 2476 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:59:35.0720 2476 VgaSave - ok
14:59:35.0771 2476 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:59:35.0773 2476 viaide - ok
14:59:35.0784 2476 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
14:59:35.0786 2476 volmgr - ok
14:59:35.0841 2476 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
14:59:35.0848 2476 volmgrx - ok
14:59:35.0907 2476 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
14:59:35.0913 2476 volsnap - ok
14:59:36.0060 2476 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:59:36.0064 2476 vsmraid - ok
14:59:36.0269 2476 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:59:36.0279 2476 WacomPen - ok
14:59:36.0359 2476 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:36.0386 2476 Wanarp - ok
14:59:36.0391 2476 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:36.0393 2476 Wanarpv6 - ok
14:59:36.0431 2476 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:59:36.0433 2476 Wd - ok
14:59:36.0567 2476 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:59:36.0597 2476 Wdf01000 - ok
14:59:36.0770 2476 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:59:36.0794 2476 winachsf - ok
14:59:36.0910 2476 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
14:59:36.0929 2476 WmiAcpi - ok
14:59:37.0001 2476 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
14:59:37.0003 2476 WpdUsb - ok
14:59:37.0156 2476 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:59:37.0173 2476 ws2ifsl - ok
14:59:37.0410 2476 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:59:37.0452 2476 WUDFRd - ok
14:59:37.0543 2476 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
14:59:37.0556 2476 xnacc - ok
14:59:37.0655 2476 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
14:59:37.0660 2476 yukonx64 - ok
14:59:37.0872 2476 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
14:59:37.0876 2476 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
14:59:37.0920 2476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:59:37.0931 2476 \Device\Harddisk0\DR0 - ok
14:59:37.0935 2476 Boot (0x1200) (9bd57277f4d680db481b9fc6bdd273f5) \Device\Harddisk0\DR0\Partition0
14:59:37.0935 2476 \Device\Harddisk0\DR0\Partition0 - ok
14:59:37.0936 2476 ============================================================
14:59:37.0936 2476 Scan finished
14:59:37.0936 2476 ============================================================
14:59:37.0946 3776 Detected object count: 1
14:59:37.0946 3776 Actual detected object count: 1
14:59:50.0866 3776 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:59:50.0866 3776 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
Good :)

See if you can run aswMBR now.

Also....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe and click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    consrv.dll
    winsrv.dll
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Hey there. I am still unable to scan after opening the aswmbr program. Blue screen with physical memory dump. Here is the log requested:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:39 on 30/10/2011 by Kristopher
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
C:\Windows\System32\consrv.dll --a---- 54272 bytes [02:50 21/01/2008] [02:50 21/01/2008] 68689B2E7472E2CFB3F39DA8A59505D9

Searching for "winsrv.dll"
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18005_none_1488ab3251d4722d\winsrv.dll --a---- 450560 bytes [17:39 13/12/2009] [07:11 11/04/2009] 36F234FD1AA7BAE559BB1C483FC76286
C:\Windows\System32\winsrv.dll --a---- 450048 bytes [15:33 13/07/2011] [15:16 20/04/2011] 2D94E4CE322F12061D3FA7DBE65E9AC5
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18000_none_129d322654b2a6e1\winsrv.dll --a---- 450048 bytes [02:49 21/01/2008] [02:49 21/01/2008] A9C654098A5CA39618DA9D022A6691B8
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18638_none_1284d01654c3b456\winsrv.dll --a---- 450048 bytes [15:33 13/07/2011] [15:16 20/04/2011] 2D94E4CE322F12061D3FA7DBE65E9AC5
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.22904_none_132adf496dcc953f\winsrv.dll --a---- 450048 bytes [15:33 13/07/2011] [14:59 20/04/2011] CCCFC223E76D14E622D8F2BB5E90B58D
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18456_none_1453a37851fc0bd5\winsrv.dll --a---- 451072 bytes [15:33 13/07/2011] [16:03 20/04/2011] E5E5E593D4850B0AA24CF58B552147F3
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.22628_none_14ffb2816aff87a1\winsrv.dll --a---- 450560 bytes [15:33 13/07/2011] [15:38 20/04/2011] 33353C4E98C0CCF7E2A817536EB58985

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
@="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"= 0x0000000000 (0)


-= EOF =-
 
ComboFix 11-10-30.03 - Kristopher 10/30/2011 18:17:54.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.2238 [GMT -7:00]
Running from: c:\users\Kristopher\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 01:27 . 2011-10-31 01:27 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-31 01:27 . 2011-10-31 01:27 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-31 01:27 . 2011-10-31 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 17:38 . 2011-10-31 01:27 -------- d-----w- c:\users\Kristopher\AppData\Local\temp
2011-10-26 21:20 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 21:10 . 2011-10-26 21:10 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 18:34 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-26 18:34 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 18:34 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-26 18:34 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-26 18:34 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-26 18:34 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-26 18:34 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-26 18:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-26 18:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\programdata\AVAST Software
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\assembly
2011-10-26 07:28 . 2011-10-26 07:28 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 06:47 . 2011-10-26 18:11 -------- d-----w- c:\program files (x86)\7D37E
2011-10-26 06:46 . 2011-10-26 06:46 -------- d-----w- c:\program files (x86)\LP
2011-10-26 05:43 . 2011-10-26 05:44 315702 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-05 00:39 . 2011-10-05 00:39 -------- d-----w- c:\windows\Sun
2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\f55ssQJ7dE
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zyyycAA1ivDon
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\X77ddEKK8gZ9hXw
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ZUVVeelIBtzP
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\d5sssQJ6d
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kS22iibF3pn
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\tTTXXqjYYCkIVzN
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\HKK77fEEL9g
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\yIIVrllONtx0uc1
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\LuuucSS1ibD3nGa
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CKKK7ffEL9gZqYC
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\lxxPP0uucSib
2011-10-03 22:38 . 2011-10-03 22:38 -------- d-----w- c:\users\Kristopher\AppData\Roaming\wFF44ammH5sJ7EL
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\klllOOBtzP0yA1v
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\rTTXXwjjUClIBzP
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kGGG5aaQH6dK7f
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\iuuccS22ib3pn4a
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\JQQQH66sWK7EL9T
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Y11iibDD3oG4aH6
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\TCwwwkUVrlOBtPy
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\dmmHH5ssWJ7ELgR
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\RooonFF4pmH5QJd
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ONNNyxxA1u
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ElllIBBrzPNyA1v
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\j11uuvSS2oF3pG5
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\mCCeekIBBrONyA0
2011-10-03 22:31 . 2011-10-03 22:31 -------- d-----w- c:\users\Kristopher\AppData\Roaming\KaaaQHH6dWKfRLg
2011-10-03 22:28 . 2011-10-03 22:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\akkUUVrrlOtxP
2011-10-03 22:28 . 2011-10-03 22:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\OYYYXwwkUVeOBzP
2011-10-03 22:28 . 2011-10-03 22:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zhhYYXwkUVelOtP
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\h222iibD3pnG
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\LkkkIVVrlON
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ljjjYCCwkIVlOtx
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\c222ibbD3pnGaQ6
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ISSS2iibF3pG5QH
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\appnnG44aQHsW7f
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CwwkkIVVrlNtx0
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zG44aamH6s
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kOOBBtxxP0yS1vD
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\FsWWJJ7dEL8gRqY
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\gellOOBtzP0
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\EddE8gRZ9h
2011-10-03 22:26 . 2011-10-03 22:26 -------- d-----w- c:\users\Kristopher\AppData\Roaming\kQQQJ66dEK8fZ9T
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\gEKK88fRZ9hTwjC
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\qxxAA1uvv2obFpG
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\DfRRLL9hTXq
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\ySS22ibFF3nG5Q6
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\SbbbF33pnG5aH6W
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\oqqqjjYCwkIVlOt
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\gaaQQH66sWKfE9g
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\o00uucS11iD3oG4
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BkkUUVrrlOBxPyc
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\jH55sWWJ7dELgRq
2011-10-03 22:25 . 2011-10-03 22:25 -------- d-----w- c:\users\Kristopher\AppData\Roaming\zRRRZqqhYXwUVlO
2011-10-03 22:09 . 2011-10-03 22:09 -------- d-----w- c:\users\Kristopher\AppData\Roaming\i666sWWK7fE9gZq
2011-10-03 22:09 . 2011-10-03 22:09 -------- d-----w- c:\users\Kristopher\AppData\Roaming\cYCCwwkIVrlONx0
2011-10-03 22:09 . 2011-10-04 17:28 -------- d-----w- c:\users\Kristopher\AppData\Roaming\x333pnnG4aQ6sK
2011-10-03 22:09 . 2011-10-03 22:09 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BYCCeekIVrzONx0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 466944 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll" [2010-08-16 466944]
.
[HKEY_CLASSES_ROOT\clsid\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2010-06-29 1776640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-08-19 77824]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-15 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bart Station"="c:\program files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" [2010-07-15 25936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 16:11 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-09-21 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-09-18 139808]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-30 c:\windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 664576 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll" [2010-08-16 664576]
.
[HKEY_CLASSES_ROOT\CLSID\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6453760]
"Skytel"="Skytel.exe" [2008-09-18 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-19 152576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.my.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-30 18:29:49
ComboFix-quarantined-files.txt 2011-10-31 01:29
ComboFix2.txt 2011-10-28 17:38
ComboFix3.txt 2011-10-27 21:55
.
Pre-Run: 64,089,567,232 bytes free
Post-Run: 64,055,169,024 bytes free
.
- - End Of File - - CDC81B7E8E371851AEECB89828C555B3
 