TechSpot

Malwarebytes and Super-Antispyware not finding anything; something seems amiss

By BillAllen55
Oct 29, 2012
  1. Hello,
    Over the past few scans I've done with SUPERAntiSpyware and Malwarebytes, neither scan has turned up any results. I would be delighted if I could believe that, but past experience with these fine scan tools would indicate to me that something is amiss. I would be very grateful if someone would take a look at the requested scan logs.
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.29.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]

    10/29/2012 9:15:37 AM
    mbam-log-2012-10-29 (09-15-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204005
    Time elapsed: 13 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. BillAllen55

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-29 09:57:52
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM080HI rev.AB100-12
    Running: 3u2g776r.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C43A49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7D4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2064] ntdll.dll!LdrGetProcedureAddress + 26 77AC2239 7 Bytes JMP 60EEAB20 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2064] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 762C941E 7 Bytes JMP 61130B02 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2064] kernel32.dll!QueryPerformanceCounter + 13 762CC435 7 Bytes JMP 61130B25 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2064] kernel32.dll!LoadAppInitDlls + 355 762CF4F6 7 Bytes JMP 60EEF7A9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2064] GDI32.dll!GetViewportOrgEx + 26C 769B884B 7 Bytes JMP 61130A83 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] kernel32.dll!SetUnhandledExceptionFilter 762CF4FB 5 Bytes JMP 5CB250B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] ole32.dll!OleLoadFromStream 765F6143 5 Bytes JMP 5D5EE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2892] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b573ad
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b573b5
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b87504
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b573ad (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b573b5 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b87504 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  3. BillAllen55

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 10:00:17 on 2012-10-29
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.237 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Windows\system32\locator.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Games\Chess\Chess.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k PeerDist
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyOverride = 192.168.*.*;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    mRun: [MSC] c:\program files\microsoft security client\msseces.exe -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    uPolicies-Explorer: NoDriveAutoRun- = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun- = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC} - <orphaned>
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    TCP: NameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DHCPNameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : DHCPNameServer = 172.16.44.186 172.16.44.185
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : DHCPNameServer = 216.228.160.7 216.228.160.8 216.228.160.5
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_500_104.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-8-9 102728]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-14 15672]
    R1 MpKsl407fd121;MpKsl407fd121;c:\programdata\microsoft\microsoft antimalware\definition updates\{161044d8-2c5a-46ea-8885-a2d61bd3e8cc}\MpKsl407fd121.sys [2012-10-29 29904]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-9-23 65192]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2011-11-30 131072]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]
    R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-9-7 87992]
    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-2 120728]
    R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-15 65657]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-8-23 368168]
    R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2011-12-17 13824]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-29 40776]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-8-19 6637056]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2011-10-1 581480]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-9-3 115008]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-6-11 20864]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-6-8 23808]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2012-8-17 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-30 15872]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-8-23 24416]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\RpcAgentSrv.exe [2012-9-23 68760]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-30 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-7 250808]
    S4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-9-26 136784]
    S4 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
    S4 HawkesUpdater;Hawkes Unattended Updater;"c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe" --> c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [?]
    S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-18 115168]
    .
    =============== File Associations ===============
    .
    FileExt: .com: Applications\iexplore.exe="c:\program files\internet explorer\iexplore.exe" %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-10-29 16:16:24 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{161044d8-2c5a-46ea-8885-a2d61bd3e8cc}\offreg.dll
    2012-10-29 16:16:24 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{161044d8-2c5a-46ea-8885-a2d61bd3e8cc}\MpKsl407fd121.sys
    2012-10-29 16:14:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-10-29 16:13:56 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{161044d8-2c5a-46ea-8885-a2d61bd3e8cc}\mpengine.dll
    2012-10-29 14:51:02 6918632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-10-24 02:15:25 -------- d-----w- C:\Binaries
    2012-10-24 02:15:12 -------- d-----w- c:\program files\Motorola Media Link
    2012-10-24 02:14:32 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
    2012-10-22 14:36:57 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{887e8832-3d29-412a-a039-8e2c855abddc}\gapaengine.dll
    2012-10-21 20:29:53 -------- d-----w- c:\program files\Microsoft Office 15
    2012-10-21 20:24:10 -------- d-----w- c:\users\owner\appdata\local\MicrosoftStore
    2012-10-21 19:15:36 -------- d-----w- c:\program files\NoVirusThanks
    2012-10-19 01:52:34 -------- d-----w- c:\program files\iPod
    2012-10-19 01:52:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-10-19 01:52:31 -------- d-----w- c:\program files\iTunes
    2012-10-19 01:51:01 -------- d-----w- c:\program files\Bonjour
    2012-10-19 00:58:13 -------- d-----w- C:\9d7fb0384ad3000f74330d244589
    2012-10-18 21:55:00 954200 ----a-w- c:\windows\system32\XAudioD2_7.dll
    2012-10-18 21:52:58 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2012-10-18 21:52:58 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2012-10-18 21:52:57 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2012-10-18 21:49:45 111960 ----a-w- c:\windows\dxsdkuninst.exe
    2012-10-18 21:49:37 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
    2012-10-18 21:45:39 -------- d--h--w- c:\windows\msdownld.tmp
    2012-10-14 16:24:53 -------- d-----w- c:\program files\Winmx
    2012-10-13 22:35:40 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
    2012-10-12 18:34:48 -------- d-----w- c:\windows\ehome
    2012-10-11 21:34:05 -------- d-----w- c:\users\owner\appdata\local\Apple Computer
    2012-10-11 20:48:07 3584 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
    2012-10-11 20:48:07 -------- d-----w- c:\program files\Windows Installer Clean Up
    2012-10-08 23:57:48 -------- d-----w- c:\windows\system32\ms-MY
    2012-10-08 23:56:20 -------- d-----r- c:\users\owner\Podcasts
    2012-10-08 23:56:11 -------- d-----w- c:\windows\system32\drivers\umdf\ko-KR
    2012-10-08 23:56:10 -------- d-----w- c:\windows\system32\drivers\umdf\ms-MY
    2012-10-08 23:56:09 -------- d-----w- c:\windows\system32\drivers\umdf\id-ID
    2012-10-08 23:56:08 -------- d-----w- c:\windows\system32\drivers\umdf\sv-SE
    2012-10-08 23:56:08 -------- d-----w- c:\windows\system32\drivers\umdf\nb-NO
    2012-10-08 23:56:07 -------- d-----w- c:\windows\system32\drivers\umdf\hu-HU
    2012-10-08 23:56:06 -------- d-----w- c:\windows\system32\drivers\umdf\fi-FI
    2012-10-08 23:56:05 -------- d-----w- c:\windows\system32\drivers\umdf\el-GR
    2012-10-08 23:56:00 -------- d-----w- c:\windows\system32\drivers\umdf\da-DK
    2012-10-07 20:30:01 -------- d-----w- c:\users\owner\appdata\roaming\SoftGrid Client
    2012-10-07 20:25:17 -------- d-----w- c:\program files\Microsoft SkyDrive
    2012-10-06 15:50:02 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2012-10-05 16:54:37 -------- d-----w- c:\users\owner\appdata\local\BACS
    2012-10-02 17:36:12 -------- d-----w- c:\users\owner\appdata\local\Programs
    2012-09-29 19:43:15 -------- d-----w- c:\program files\Microsoft
    2012-09-29 19:29:03 -------- d-----w- c:\program files\Microsoft Security Client
    .
    ==================== Find3M ====================
    .
    2012-10-27 16:43:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-27 16:43:30 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-26 17:58:02 136784 ----a-w- c:\windows\system32\atashost.exe
    2012-09-26 17:58:00 219216 ----a-w- c:\windows\system32\atsckernel.exe
    2012-09-22 23:30:17 100864 ----a-w- C:\kgloapow.sys
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-05 02:19:28 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2012-09-04 16:36:14 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-04 16:36:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-04 16:36:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-03 23:47:18 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-31 05:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-31 05:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 18:00:08 1688 ----a-w- c:\users\owner\08-30-2012.reg
    2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 16:00:09 5602 ----a-w- c:\users\owner\ESETexe-fix.bat
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-23 22:56:08 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-21 20:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-15 16:52:50 4472832 ----a-w- c:\windows\system32\GPhotos.scr
    2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
    2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    .
    ============= FINISH: 10:00:47.17 ===============
     
  4. Broni

    Well, you're not saying what kind of issues you're having.

    Attach.txt part of DDS is missing.
     
  5. BillAllen55

    Slow and unresponsive, and the anti-spyware scans are not reporting ANYTHING. Broni, this just doesn't seem correct based on what I've seen in the past when doing these scans.
    Attach part of DDS:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/12/2011 6:36:07 AM
    System Uptime: 10/29/2012 7:38:22 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0FT292
    Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2167/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 28.181 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&13FD3FCA&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&13FD3FCA&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP595: 10/18/2012 6:14:14 PM - Removed Bonjour
    RP596: 10/18/2012 6:14:44 PM - Removed Apple Application Support
    RP597: 10/18/2012 6:51:46 PM - Installed iTunes
    RP598: 10/18/2012 8:39:53 PM - Installed QuickTime
    RP599: 10/21/2012 7:21:23 AM - Windows Update
    RP601: 10/21/2012 8:24:12 AM - Revo Uninstaller's restore point - Winmx Community 1
    RP603: 10/21/2012 8:27:21 AM - Revo Uninstaller's restore point - Winmx Community 1
    RP605: 10/21/2012 12:49:25 PM - SYSTEM RESTORE POINT
    RP606: 10/22/2012 7:18:33 AM - Restore Operation
    RP607: 10/22/2012 7:36:06 AM - Windows Update
    RP608: 10/23/2012 7:12:46 PM - Installed MotoCast
    RP609: 10/26/2012 2:02:46 PM - Windows Update
    RP610: 10/27/2012 9:16:36 AM - Installed Java 7 Update 9
    RP612: 10/28/2012 4:09:35 PM - Revo Uninstaller's restore point - Bing Bar
    RP614: 10/28/2012 4:12:17 PM - Revo Uninstaller's restore point - IObit Toolbar v6.1
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.22beta
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Adobe Shockwave Player 11.6
    Adobe SVG Viewer 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics Disk Defrag
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    Broadcom TPM Driver Installer
    Canon MP Navigator EX 4.1
    Canon MX360 series MP Drivers
    Canon MX360 series User Registration
    Canon Solution Menu EX
    Canon Speed Dial Utility
    CCleaner
    Cisco WebEx Meetings
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Digital Line Detect
    Dropbox
    FileHippo.com Update Checker
    Google Apps
    Google Drive
    Google Update Helper
    Google Updater
    HiJackThis
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    iTunes
    Java 7 Update 7
    Jing
    Kits Configuration Installer
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft DirectX SDK (June 2010)
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SkyDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoCast
    MotoHelper MergeModules
    Motorola Device Manager
    Motorola Device Software Update
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 5.9.0
    Mozilla Firefox 17.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MyITLab ActiveX Installer 2, 9, 8, 65535
    Office 2010 Trial Extender
    OZ776 SCR Driver V1.1.4.202
    Photobucket Desktop
    Picasa 3
    Picasa Uploader
    QuickSet
    QuickTime
    Revo Uninstaller 1.94
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    SigmaTel Audio
    SiSoftware Sandra Lite 2012.SP5c
    SlimDrivers
    Smart Defrag 2
    SUPERAntiSpyware
    swMSM
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vista Profile Pack
    Windows Driver Kit
    Windows Driver Package - Intel (NETwLv32) net (08/15/2010 13.3.0.137)
    Windows Driver Package - Intel (NETwNs32) net (07/14/2010 13.3.0.24)
    Windows Installer Clean Up
    Windows Media Center Add-in for Flash
    Windows Media Player Firefox Plugin
    Windows Mobile Device Updater Component
    Winmx Community 1
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/29/2012 7:38:56 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    10/29/2012 7:38:56 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    10/29/2012 7:38:56 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    10/29/2012 7:38:53 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    10/23/2012 7:13:58 PM, Error: Service Control Manager [7030] - The PST Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/22/2012 7:24:02 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.100.0;1.139.100.0 Engine version: 1.1.8904.0
    10/22/2012 7:12:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/22/2012 7:12:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    10/22/2012 7:12:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    10/22/2012 7:12:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    10/22/2012 7:12:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Certificate Propagation service, but this action failed with the following error: An instance of the service is already running.
    10/22/2012 7:11:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Health Key and Certificate Management service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/22/2012 7:10:36 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
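The "Event Viewer Messages From Past Week" block above is the DDS tool's dump of System log errors. The following PowerShell script is an added example, not part of the thread or of DDS, that reproduces that listing from the live log and then groups Service Control Manager termination records (event IDs 7031 and 7034) by the second they were written. Services hosted in the same svchost.exe are all reported as terminated when that host process dies, so a burst such as the 10/22 7:10:36 one above is usually one process crash (or one process being killed) rather than many independent failures. The 7-day window is an assumption matching the DDS heading; the script targets PowerShell 2.0 on Windows 7 and only reads the log.

```powershell
# Added example (not from the thread): list System-log errors the way DDS does and
# cluster Service Control Manager "terminated unexpectedly" events by timestamp.
# Reading the System log does not require elevation. PowerShell 2.0 compatible.
param([int]$Days = 7)   # assumption: same 7-day window as the DDS heading

function Get-SystemErrors([int]$Days) {
    $since = (Get-Date).AddDays(-$Days)
    Get-EventLog -LogName System -EntryType Error -After $since
}

# DDS-style listing: newest first, one line per record, message flattened to one line.
function Format-DdsStyle($Entries) {
    $Entries | Sort-Object TimeGenerated -Descending | ForEach-Object {
        '{0}, Error: {1} [{2}] - {3}' -f $_.TimeGenerated, $_.Source, $_.EventID,
                                        ($_.Message -replace '\s+', ' ')
    }
}

# SCM 7031/7034 records, grouped by the second they were logged. In both templates
# ("The %1 service terminated unexpectedly...") the first insertion string is the
# service display name, so ReplacementStrings[0] gives the name without parsing text.
function Get-ScmCrashBursts($Entries) {
    $scm = $Entries | Where-Object {
        $_.Source -eq 'Service Control Manager' -and (7031, 7034) -contains $_.EventID
    }
    $scm | Group-Object { $_.TimeGenerated.ToString('yyyy-MM-dd HH:mm:ss') } |
        Sort-Object Name | ForEach-Object {
            $names = $_.Group | ForEach-Object { $_.ReplacementStrings[0] } | Sort-Object -Unique
            New-Object PSObject -Property @{
                Time     = $_.Name
                Count    = $_.Count
                Services = ($names -join ', ')
            }
        }
}

$errors = Get-SystemErrors -Days $Days

'==== System log errors, last {0} day(s) ====' -f $Days
Format-DdsStyle $errors

'==== Service terminations (7031/7034) grouped by second ===='
# Several different services in one second = one shared host process went down.
Get-ScmCrashBursts $errors | Format-Table Time, Count, Services -AutoSize -Wrap | Out-String -Width 160
```

Run it as `.\Get-ScmBursts.ps1` (any file name) from a normal PowerShell prompt. A group with a count above one whose services span unrelated roles (WMI, Task Scheduler, Themes, Group Policy Client) is the signature of a host process exiting; the next thing to look for is an Application Error (event 1000) or Windows Error Reporting record for svchost.exe at the same time.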
     
  6. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    aswMBR to follow

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 10/29/2012 10:46:54

    ¤¤¤ Bad processes : 4 ¤¤¤
    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll -> UNLOADED
    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll -> UNLOADED
    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll -> UNLOADED
    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll -> UNLOADED

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [TASK][SUSP PATH] {DADA0A5C-E67C-4C91-89CC-71F72D272F2B} : C:\Windows\System32\pcalua.exe -a C:\Users\Owner\Desktop\jre-6u26-windows-i586.exe -d C:\Users\Owner\Desktop -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM080HI ATA Device +++++
    --- User ---
    [MBR] 0c73aefa2c61e73e8d63966c70cbbc91
    [BSP] b885cf893c28e2877b56a18dfe1cd75d : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  8. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-29 10:48:46
    -----------------------------
    10:48:46.356 OS Version: Windows 6.1.7601 Service Pack 1
    10:48:46.356 Number of processors: 2 586 0xE08
    10:48:46.366 ComputerName: OWNER-PC UserName: Owner
    10:48:47.146 Initialize success
    10:50:48.933 AVAST engine defs: 12102900
    10:52:26.308 The log file has been saved successfully to "C:\Users\Owner\Desktop\2nd Saved Log Files 10.29.2012\aswMBR.txt"
    10:52:49.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:52:49.094 Disk 0 Vendor: SAMSUNG_HM080HI AB100-12 Size: 76319MB BusType: 3
    10:52:49.294 Disk 0 MBR read successfully
    10:52:49.304 Disk 0 MBR scan
    10:52:49.314 Disk 0 Windows 7 default MBR code
    10:52:49.374 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    10:52:49.494 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
    10:52:49.665 Disk 0 scanning sectors +156299264
    10:52:50.125 Disk 0 scanning C:\Windows\system32\drivers
    10:54:27.534 Service scanning
    10:54:59.509 Service MpKsl1edc1f11 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{910787C7-654E-44F3-A889-F57676AACDCF}\MpKsl1edc1f11.sys **LOCKED** 32
    10:55:46.329 Modules scanning
    10:57:10.833 Disk 0 trace - called modules:
    10:57:10.863 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    10:57:10.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c5c460]
    10:57:10.883 3 CLASSPNP.SYS[891b759e] -> nt!IofCallDriver -> [0x85798918]
    10:57:10.893 5 ACPI.sys[88aa83d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8577b030]
    10:57:11.373 AVAST engine scan C:\Windows
    10:57:35.722 AVAST engine scan C:\Windows\system32
    11:16:58.386 AVAST engine scan C:\Windows\system32\drivers
    11:19:12.702 AVAST engine scan C:\Users\Owner
    11:51:12.160 AVAST engine scan C:\ProgramData
    12:02:42.648 Scan finished successfully
    12:04:42.032 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\2nd Saved Log Files 10.29.2012\MBR.dat"
    12:04:42.122 The log file has been saved successfully to "C:\Users\Owner\Desktop\2nd Saved Log Files 10.29.2012\aswMBR.txt"
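Both reports above end in a master-boot-record check: RogueKiller prints an MD5 for the sector ([MBR]) and for the boot code ([BSP], matched against "Windows 7 MBR Code") plus the partition table, and aswMBR reads the MBR, recognises "Windows 7 default MBR code" and saves a copy as MBR.dat. The script below is an added example, not code from either tool or from the thread, that performs the same read-only check by hand so the result can be compared with the two logs: it reads the first 512 bytes of a physical disk, hashes the whole sector and the 440-byte bootstrap area, decodes the four partition entries, and optionally compares the live sector with the saved MBR.dat. Assumptions: PhysicalDrive0 is the boot disk (as in the logs), the MBR.dat path is whatever aswMBR saved, and which of the two hashes corresponds to RogueKiller's [MBR] and [BSP] lines is not documented on this page, so both are printed. It needs an elevated PowerShell prompt and targets PowerShell 2.0 on Windows 7.

```powershell
# Added example (not from the thread, RogueKiller or aswMBR): dump, hash and decode
# the MBR of a physical disk. Read-only; run from an elevated PowerShell prompt.
param(
    [string]$Device    = '\\.\PhysicalDrive0',   # assumption: boot disk, as in the logs
    [string]$Reference = ''                       # optional: path to aswMBR's MBR.dat copy
)

# .NET Framework's FileStream rejects "\\.\" device paths, so open the raw disk
# with CreateFile and wrap the SafeFileHandle instead.
Add-Type -Namespace Win32 -Name Disk -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern Microsoft.Win32.SafeHandles.SafeFileHandle CreateFile(
    string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes,
    uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);
'@

function Read-FirstSector([string]$Path) {
    $GENERIC_READ = [uint32]0x80000000; $SHARE_READ_WRITE = [uint32]3; $OPEN_EXISTING = [uint32]3
    $h = [Win32.Disk]::CreateFile($Path, $GENERIC_READ, $SHARE_READ_WRITE, [IntPtr]::Zero,
                                  $OPEN_EXISTING, 0, [IntPtr]::Zero)
    if ($h.IsInvalid) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw ('CreateFile({0}) failed, Win32 error {1} (not elevated?)' -f $Path, $err)
    }
    $fs = New-Object IO.FileStream($h, [IO.FileAccess]::Read)
    try {
        $buf = New-Object byte[] 512          # raw device reads must be whole sectors
        if ($fs.Read($buf, 0, 512) -ne 512) { throw 'short read of sector 0' }
        return $buf
    } finally { $fs.Close(); $h.Close() }
}

function Get-Md5Hex([byte[]]$Bytes) {
    $md5 = [Security.Cryptography.MD5]::Create()
    ($md5.ComputeHash($Bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Classic MBR layout: 440 bytes bootstrap code, 4-byte disk signature at 0x1B8,
# 2 reserved bytes, four 16-byte partition entries at 0x1BE, 0x55AA at 0x1FE.
# Entry: status, CHS start (3), type, CHS end (3), LBA start (LE u32), sector count (LE u32).
function Get-PartitionTable([byte[]]$Mbr) {
    $types = @{ 0x05 = 'Extended'; 0x07 = 'NTFS'; 0x0B = 'FAT32'; 0x0C = 'FAT32 LBA'; 0x0F = 'Extended LBA';
                0x27 = 'Hidden NTFS (WinRE)'; 0x82 = 'Linux swap'; 0x83 = 'Linux'; 0xEE = 'GPT protective' }
    for ($i = 0; $i -lt 4; $i++) {
        $o    = 0x1BE + 16 * $i
        $type = [int]$Mbr[$o + 4]
        if ($type -eq 0) { continue }                      # unused slot
        $lba  = [BitConverter]::ToUInt32($Mbr, $o + 8)
        $cnt  = [BitConverter]::ToUInt32($Mbr, $o + 12)
        $name = if ($types.ContainsKey($type)) { $types[$type] } else { 'Unknown' }
        New-Object PSObject -Property @{
            Index         = $i
            Status        = $(if ($Mbr[$o] -eq 0x80) { 'ACTIVE' } elseif ($Mbr[$o] -eq 0) { '------' } else { '0x{0:X2}?' -f $Mbr[$o] })
            Type          = '{0} (0x{1:X2})' -f $name, $type
            OffsetSectors = $lba
            SizeMB        = [math]::Round($cnt * 512 / 1MB)
        }
    }
}

$mbr = Read-FirstSector $Device
if ($mbr[510] -ne 0x55 -or $mbr[511] -ne 0xAA) { Write-Warning 'No 0x55AA boot signature: not a classic MBR' }

'Sector MD5    : {0}  (all 512 bytes)'           -f (Get-Md5Hex $mbr)
'Bootstrap MD5 : {0}  (first 440 bytes only)'    -f (Get-Md5Hex $mbr[0..439])
'Disk signature: 0x{0:X8}'                       -f [BitConverter]::ToUInt32($mbr, 0x1B8)
Get-PartitionTable $mbr | Format-Table Index, Status, Type, OffsetSectors, SizeMB -AutoSize | Out-String -Width 120

if ($Reference) {
    $ref = [IO.File]::ReadAllBytes($Reference)
    if ($ref.Length -lt 512) { throw ('{0} is only {1} bytes; expected a 512-byte MBR copy' -f $Reference, $ref.Length) }
    # A different hash means the live MBR changed since the copy was taken.
    if ((Get-Md5Hex $ref[0..511]) -eq (Get-Md5Hex $mbr)) { 'Live MBR matches {0}' -f $Reference }
    else { Write-Warning ('Live MBR DIFFERS from {0}' -f $Reference) }
}
```

For the disk in the logs the table should decode to an active NTFS entry at sector 2048 of 100 MB and a second NTFS entry at sector 206848 of about 76217 MB, the same two lines RogueKiller and aswMBR print. Hashing the bootstrap bytes separately matters because the disk signature and partition table change legitimately (Windows writes the signature, partition tools rewrite the table) while the 440 bytes of boot code on a stock Windows 7 disk do not; a bootstrap hash that no longer matches a known-good copy is the thing a bootkit check is looking for.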
     
  9. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    ComboFix 12-10-29.05 - Owner 10/29/2012 12:39:36.18.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.799 [GMT -7:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\3u2g776r.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-29 17:41 . 2012-10-29 17:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{910787C7-654E-44F3-A889-F57676AACDCF}\MpKsl1edc1f11.sys
    2012-10-29 17:01 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{910787C7-654E-44F3-A889-F57676AACDCF}\mpengine.dll
    2012-10-29 16:26 . 2012-10-29 17:01 -------- d-----w- c:\users\Owner\Scanned Logs 10.29.2012
    2012-10-29 14:51 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-24 02:15 . 2012-10-24 02:15 -------- d-----w- C:\Binaries
    2012-10-24 02:15 . 2012-10-24 02:15 -------- d-----w- c:\program files\Motorola Media Link
    2012-10-24 02:14 . 2012-10-24 02:14 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
    2012-10-22 14:36 . 2012-09-29 19:30 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{887E8832-3D29-412A-A039-8E2C855ABDDC}\gapaengine.dll
    2012-10-21 20:29 . 2012-10-21 20:34 -------- d-----w- c:\program files\Microsoft Office 15
    2012-10-21 20:24 . 2012-10-22 14:21 -------- d-----w- c:\users\Owner\AppData\Local\MicrosoftStore
    2012-10-21 19:15 . 2012-10-21 19:15 -------- d-----w- c:\program files\NoVirusThanks
    2012-10-19 03:40 . 2012-10-19 03:40 -------- d-----w- c:\program files\QuickTime
    2012-10-19 01:52 . 2012-10-19 01:52 -------- d-----w- c:\program files\iPod
    2012-10-19 01:52 . 2012-10-19 01:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-10-19 01:52 . 2012-10-19 01:53 -------- d-----w- c:\program files\iTunes
    2012-10-19 01:51 . 2012-10-19 01:51 -------- d-----w- c:\program files\Apple Software Update
    2012-10-19 01:51 . 2012-10-19 01:51 -------- d-----w- c:\program files\Bonjour
    2012-10-19 01:50 . 2012-10-19 01:52 -------- d-----w- c:\program files\Common Files\Apple
    2012-10-19 00:58 . 2012-10-19 00:58 -------- d-----w- C:\9d7fb0384ad3000f74330d244589
    2012-10-18 21:55 . 2010-06-02 12:23 954200 ----a-w- c:\windows\system32\XAudioD2_7.dll
    2012-10-18 21:52 . 2008-10-15 13:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2012-10-18 21:52 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2012-10-18 21:52 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2012-10-18 21:49 . 2012-10-18 22:43 111960 ----a-w- c:\windows\dxsdkuninst.exe
    2012-10-18 21:49 . 2012-10-18 21:54 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
    2012-10-18 21:45 . 2012-10-18 21:45 -------- d--h--w- c:\windows\msdownld.tmp
    2012-10-13 22:35 . 2012-10-13 22:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
    2012-10-12 18:34 . 2012-10-12 18:34 -------- d-----w- c:\program files\Windows Sidebar
    2012-10-12 18:34 . 2012-10-12 18:34 -------- d-----w- c:\windows\ehome
    2012-10-12 18:34 . 2012-10-12 18:34 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
    2012-10-11 21:34 . 2012-10-19 01:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
    2012-10-11 21:34 . 2012-10-11 21:34 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
    2012-10-11 20:48 . 2012-10-11 20:48 3584 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2012-10-11 20:48 . 2012-10-11 20:48 -------- d-----w- c:\program files\Windows Installer Clean Up
    2012-10-11 19:09 . 2012-10-11 19:09 -------- d-----w- c:\program files\7-zip
    2012-10-08 23:57 . 2012-10-08 23:57 -------- d-----w- c:\windows\system32\ms-MY
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----r- c:\users\Owner\Podcasts
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR
    2012-10-08 23:56 . 2012-10-08 23:56 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK
    2012-10-08 23:54 . 2012-10-08 23:56 -------- d-----w- c:\program files\Zune
    2012-10-07 20:30 . 2012-10-28 23:19 -------- d-----w- c:\users\Owner\AppData\Roaming\SoftGrid Client
    2012-10-07 20:25 . 2012-10-07 20:25 -------- d-----w- c:\program files\Microsoft SkyDrive
    2012-10-06 15:50 . 2012-09-29 19:30 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-10-05 16:54 . 2012-10-05 16:55 -------- d-----w- c:\users\Owner\AppData\Local\BACS
    2012-10-02 17:36 . 2012-10-02 17:36 -------- d-----w- c:\users\Owner\AppData\Local\Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-27 16:43 . 2012-03-08 00:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-27 16:43 . 2012-03-02 17:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-30 02:54 . 2011-06-17 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-26 17:58 . 2012-09-26 17:58 136784 ----a-w- c:\windows\system32\atashost.exe
    2012-09-26 17:58 . 2012-09-26 17:58 219216 ----a-w- c:\windows\system32\atsckernel.exe
    2012-09-22 23:30 . 2012-09-22 23:30 100864 ----a-w- C:\kgloapow.sys
    2012-09-05 02:19 . 2012-09-05 04:26 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
    2012-09-04 16:36 . 2012-09-04 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-04 16:36 . 2011-12-13 17:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-04 16:36 . 2011-03-12 14:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-03 23:47 . 2012-09-03 23:47 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
    2012-08-31 05:03 . 2012-08-31 05:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-31 05:03 . 2012-08-31 05:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 20:10 . 2012-08-30 20:10 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-30 18:00 . 2012-08-30 18:00 1688 ----a-w- c:\users\Owner\08-30-2012.reg
    2012-08-30 16:00 . 2012-08-30 16:00 5602 ----a-w- c:\users\Owner\ESETexe-fix.bat
    2012-08-24 06:59 . 2012-09-22 23:19 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51 . 2012-09-22 23:19 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51 . 2012-09-22 23:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-22 23:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-22 23:19 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43 . 2012-09-22 23:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-23 22:56 . 2012-08-23 22:51 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2012-08-22 17:16 . 2012-09-11 21:42 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16 . 2012-09-11 21:42 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16 . 2012-09-11 21:42 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16 . 2012-09-11 21:42 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12 . 2012-09-26 14:24 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-21 20:01 . 2012-09-13 15:19 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 20:01 . 2012-08-21 20:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
    2012-08-02 16:57 . 2012-09-11 21:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-10-27 15:30 . 2012-09-25 18:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-10-28 23:19 220632 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-10-28 23:19 220632 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-10-28 23:19 220632 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-10-02 16:42 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-10-02 16:42 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-10-02 16:42 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-10-02 16:42 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    backup=c:\windows\pss\CNET TechTracker.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
    backup=c:\windows\pss\Facebook Messenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-09-24 03:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-09-15 02:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
    2012-10-02 16:42 15687032 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-10-02 16:34 173592 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-10-02 16:34 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2012-06-27 04:36 1629280 ----a-w- c:\program files\Microsoft Device Center\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
    2012-06-27 04:36 1109072 ----a-w- c:\program files\Microsoft Device Center\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
    2012-10-24 02:15 2009 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-10-02 16:34 150552 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
    2012-10-28 23:19 238552 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-10-16 21:34 4762496 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-03-12 14:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2011-08-05 19:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
    R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 Synth3dVsc;Synth3dVsc; [x]
    R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub; [x]
    R3 VGPU;VGPU; [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
    R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [x]
    R4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x]
    R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S1 MpKsl1edc1f11;MpKsl1edc1f11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{910787C7-654E-44F3-A889-F57676AACDCF}\MpKsl1edc1f11.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 40092773
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MPKSL1EDC1F11
    *Deregistered* - 40092773
    *Deregistered* - aswMBR
    *Deregistered* - kgloapow
    *Deregistered* - MBAMSwissArmy
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 16:43]
    .
    2012-10-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:24]
    .
    2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: craigslist.org\accounts
    TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    MSConfigStartUp-DealRunner - c:\program files\DealRunner\DealRunner.exe
    MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
    MSConfigStartUp-Spotify Web Helper - c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
    MSConfigStartUp-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
    AddRemove-{30DF32A9-EECA-4473-A73C-3E20F2EA9C89} - c:\programdata\{3CFC714A-D9F4-47EC-BCC5-71FDD5FB0857}\IDA-Student-Setup.exe
    AddRemove-{3CB74F0D-8AA7-42A9-A52F-7BB5944A9A91} - c:\programdata\{8994E603-573E-4A1D-BA37-8C00E4FE051E}\BAM-Student-Setup.exe
    AddRemove-{7CD6B202-CDCC-48CF-9B96-268A94BD97FB} - c:\programdata\{93906220-8503-45CF-87CB-5A54C8DE1AB2}\Hawkes Update Service Manager.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
    9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
    "{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
    dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_500_104_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_500_104_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-29 12:50:11
    ComboFix-quarantined-files.txt 2012-10-29 19:50
    .
    Pre-Run: 30,528,798,720 bytes free
    Post-Run: 30,466,166,784 bytes free
    .
    - - End Of File - - C29FD78FD8ECDC8D85AF9D6BF2666B83
     
  11. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    I don't see anything malicious there.
     
     
  12. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

I'm trying to understand why, after spending considerable time on the internet, I'm not getting any spyware found by SUPERAntiSpyware or MBAM. This has been the condition for a period of days. Thank you for your time; I look forward to your response.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,654   +267

    You're very welcome
     