Solved Unable to remove infection...

BillAllen55

Posts: 363   +0
I'm having difficulty removing infections from my OS. I've tried using Super Anti-spyware repeatedly without joy. I'm including the requested text showing what I've attempted to resolve this situation. The obvious reason I've contacted you is the stated problem that I'm unable to remove the infections listed; the other reason is that the system (Dell laptop) is considerably slower than in past days. Thanks in advance for your assistance.
ComboFix 12-09-22.02 - Owner 09/22/2012 16:03:08.16.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1121 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CouponDropDown
c:\program files\CouponDropDown\CouponDropDown-bg.exe
c:\program files\CouponDropDown\CouponDropDown.dll
c:\program files\CouponDropDown\CouponDropDown.exe
c:\program files\CouponDropDown\CouponDropDown.ico
c:\program files\CouponDropDown\CouponDropDown.ini
c:\program files\CouponDropDown\CouponDropDownInstaller.log
c:\program files\CouponDropDown\Uninstall.exe
c:\users\Owner\AppData\Local\CouponDropDown
c:\users\Owner\AppData\Local\CouponDropDown\Chrome\CouponDropDown.crx
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f\samsrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 23:11 . 2012-09-22 23:13 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-09-22 23:11 . 2012-09-22 23:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-22 23:11 . 2012-09-22 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-09-15 22:11 . 2012-09-15 22:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Photobucket
2012-09-15 22:10 . 2012-09-15 22:11 -------- d-----w- c:\program files\Photobucket Desktop
2012-09-13 19:39 . 2012-09-13 20:04 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Apple Software Update
2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Bonjour
2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\users\Owner\AppData\Roaming\URSoft
2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\program files\Your Uninstaller! 7
2012-09-13 15:19 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-11 21:42 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:42 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 21:42 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 21:42 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 21:42 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 21:42 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\program files\Auslogics
2012-09-05 04:26 . 2012-09-06 15:53 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\programdata\Viewpoint
2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\program files\Viewpoint
2012-09-05 04:26 . 2012-09-05 02:19 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-09-05 04:25 . 2012-09-05 04:25 -------- d-----w- c:\programdata\AOL OCP
2012-09-05 04:25 . 2012-09-06 15:56 -------- d-----w- c:\users\Owner\AppData\Local\AOL
2012-09-05 04:25 . 2012-09-06 15:57 -------- d-----w- c:\program files\Common Files\AOL
2012-09-05 04:25 . 2012-09-06 15:55 -------- d-----w- c:\programdata\AOL
2012-09-05 02:17 . 2012-09-05 02:17 -------- d-----w- c:\programdata\AOL Downloads
2012-09-05 00:51 . 2012-09-05 00:54 -------- d-----w- C:\532f10a32217cd26ab28240f
2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Common Files\Microsoft
2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Windows Kits
2012-09-05 00:42 . 2012-09-05 00:49 -------- d-----w- c:\programdata\Package Cache
2012-09-04 16:36 . 2012-09-04 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 23:47 . 2012-09-03 23:47 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
2012-09-03 00:38 . 2012-09-03 00:38 -------- d-----w- c:\program files\SumatraPDF
2012-09-03 00:31 . 2012-09-03 00:31 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
2012-09-03 00:28 . 2012-09-03 00:28 -------- d-----w- c:\program files\Secunia
2012-09-02 18:14 . 2012-09-02 18:15 -------- d-----w- c:\program files\GUM2146.tmp
2012-08-31 18:08 . 2012-09-22 22:51 260576 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-31 18:08 . 2012-09-22 22:51 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-08-31 18:08 . 2012-09-22 22:51 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-08-31 15:37 . 2012-08-31 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-08-31 15:36 . 2012-09-01 18:51 -------- d-----w- c:\programdata\PC Utility Kit
2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\PC Utility Kit
2012-08-31 15:28 . 2012-08-31 15:28 -------- d-----w- c:\program files\CPUID
2012-08-30 23:12 . 2012-08-30 23:12 -------- d-----w- C:\Quarantine
2012-08-30 21:44 . 2012-08-30 21:47 -------- d-----w- C:\Modules
2012-08-30 21:06 . 2012-08-30 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
2012-08-30 20:55 . 2012-07-19 01:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-30 20:55 . 2012-07-19 01:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-30 20:55 . 2012-07-19 01:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\programdata\Avira
2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\program files\Avira
2012-08-30 20:10 . 2012-08-30 20:10 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-30 18:00 . 2012-08-30 18:00 1688 ----a-w- c:\users\Owner\08-30-2012.reg
2012-08-30 17:54 . 2012-08-30 17:55 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFixer
2012-08-30 17:54 . 2012-08-30 17:54 -------- d-----w- c:\users\Owner\AppData\Local\FreeFixer
2012-08-30 17:54 . 2012-08-31 00:51 -------- d-----w- c:\program files\FreeFixer
2012-08-30 17:47 . 2012-08-30 17:47 -------- d-----w- c:\program files\Uniblue
2012-08-30 17:45 . 2012-08-30 22:55 -------- d-----w- c:\program files\AVG Secure Search
2012-08-30 17:36 . 2012-08-30 17:40 -------- d-----w- c:\program files\Perfect Uninstaller
2012-08-30 16:00 . 2012-08-30 16:00 5602 ----a-w- c:\users\Owner\ESETexe-fix.bat
2012-08-30 13:23 . 2012-08-30 13:42 -------- d-----w- c:\users\Owner\AppData\Roaming\BACS.exe
2012-08-30 01:59 . 2012-08-30 01:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 01:10 . 2012-08-30 22:53 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-29 20:44 . 2012-08-29 20:44 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBlink
2012-08-28 22:51 . 2012-08-30 13:42 -------- d-----w- c:\programdata\FLEXnet
2012-08-28 22:50 . 2012-08-28 22:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
2012-08-27 22:08 . 2012-08-27 22:08 -------- d-----w- c:\program files\Belarc
2012-08-27 18:06 . 2012-08-27 18:06 -------- d-----w- c:\users\Owner\AppData\Local\PassMark
2012-08-27 18:06 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-27 18:06 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-27 18:06 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-27 18:05 . 2012-08-27 18:05 -------- d-----w- c:\programdata\PassMark
2012-08-27 18:05 . 2012-08-27 18:25 -------- d-----w- c:\program files\PerformanceTest
2012-08-26 21:51 . 2012-08-26 21:51 -------- d-----w- c:\program files\Recuva
2012-08-26 20:33 . 2012-08-26 20:33 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2012-08-26 20:30 . 2012-08-26 20:30 -------- d-----w- c:\program files\My Company Name
2012-08-26 20:15 . 2001-09-05 11:18 77824 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-08-26 20:15 . 2001-09-05 11:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2012-08-26 20:15 . 2001-09-05 11:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-08-26 20:15 . 2001-09-05 11:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-08-26 20:15 . 2000-01-04 13:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-08-26 20:14 . 2001-09-06 01:24 610436 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2012-08-26 18:43 . 2012-08-26 18:43 -------- d-----w- c:\program files\Wise
2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\users\Owner\AppData\Roaming\iolo
2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\program files\iolo
2012-08-24 21:18 . 2012-08-24 21:21 -------- d-----w- c:\program files\Max Uninstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 22:41 . 2012-08-20 00:48 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-18 21:55 . 2012-03-08 00:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-18 21:55 . 2012-03-02 17:33 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-08 00:04 . 2011-06-17 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 16:36 . 2011-12-13 17:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-04 16:36 . 2011-03-12 14:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 22:56 . 2012-08-23 22:51 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-08-21 20:01 . 2012-07-18 00:06 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-07-18 21:24 . 2012-07-18 21:24 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-18 17:47 . 2012-08-15 13:42 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 15:17 . 2011-04-16 22:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-16 15:17 . 2011-03-12 15:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-16 15:17 . 2011-03-12 15:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-06 19:23 . 2012-08-15 18:11 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-15 13:40 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 13:40 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16 . 2012-08-15 18:10 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-15 18:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-15 18:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 18:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 18:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-27 23:01 . 2012-08-23 22:48 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-06-27 04:36 . 2012-06-27 04:36 42208 ----a-w- c:\windows\system32\drivers\point32.sys
2012-06-27 04:36 . 2012-06-27 04:36 22112 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-25 05:24 . 2012-06-25 05:24 46432 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-09-22 22:51 . 2012-08-31 18:08 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-19 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-07-19 01:04 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-09-15 02:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealRunner]
2011-10-13 22:24 790624 ----a-w- c:\program files\DealRunner\DealRunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-09-06 22:51 15668432 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-10-02 16:34 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-10-02 16:34 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2012-06-27 04:36 1629280 ----a-w- c:\program files\Microsoft Device Center\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
2012-06-27 04:36 1109072 ----a-w- c:\program files\Microsoft Device Center\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
2012-07-31 00:29 2009 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-10-02 16:34 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 20:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-09-02 23:05 1193176 ----a-w- c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-07 23:30 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-12 14:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2012-07-13 01:30 384232 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [x]
R4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
R4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 21:55]
.
2012-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:24]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extensions.BabylonToolbar.id - 101843ec000000000000001641b573ad
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15598
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=120912_cpc_3712_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSConfigStartUp-Guard.Mail.ru - c:\program files\Guard-ICQ\GuardICQ.exe
MSConfigStartUp-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-CouponDropDown - c:\program files\CouponDropDown\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1448)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\windows\System32\snmp.exe
c:\windows\System32\vds.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-22 16:17:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-22 23:17
.
Pre-Run: 33,917,415,424 bytes free
Post-Run: 34,009,346,048 bytes free
.
- - End Of File - - EBBA5B745DE0187AC126495C640F3C48
 
More files
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-22 17:00:53
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM080HI rev.AB100-12
Running: zd6suxuc.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


---- System - GMER 1.0.15 ----

SSDT 8E86062E ZwCreateSection
SSDT 8E860638 ZwRequestWaitReplyPort
SSDT 8E860633 ZwSetContextThread
SSDT 8E86063D ZwSetSecurityObject
SSDT 8E860642 ZwSystemDebugControl
SSDT 8E8605CF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C5D3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C96D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9DEAC 4 Bytes [2E, 06, 86, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C9E208 4 Bytes JMP 86063882
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9E24C 4 Bytes [33, 06, 86, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C9E2C8 4 Bytes [3D, 06, 86, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C9E31C 4 Bytes [42, 06, 86, 8E]
.text ...
PAGE peauth.sys AC8BBBED 110 Bytes CALL 8AB4AB4D

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] ntdll.dll!LdrGetProcedureAddress + 26 773D2239 7 Bytes JMP 613CA440 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 775093D6 7 Bytes JMP 61606C07 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!QueryPerformanceCounter + 13 7750C435 7 Bytes JMP 61606C2A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!LoadAppInitDlls + 355 7750F4F6 7 Bytes JMP 613CE45B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3564] GDI32.dll!GetViewportOrgEx + 26C 759B884B 7 Bytes JMP 61606B88 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000091 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b573ad
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b573b5
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641b87504
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b573ad (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b573b5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641b87504 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
 
And more text
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

9/22/2012 4:32:53 PM
mbam-log-2012-09-22 (16-32-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196845
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
The last of the text!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2012 at 04:36 PM

Application Version : 5.5.1016

Core Rules Database Version : 9275
Trace Rules Database Version: 7087

Scan type : Quick Scan
Total Scan Time : 00:08:22

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 232
Memory threats detected : 0
Registry items scanned : 27880
Registry threats detected : 8
File items scanned : 7323
File threats detected : 22

PUP.BabylonToolbar
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}#AppID
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\InprocServer32
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\InprocServer32#ThreadingModel
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ProgID
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\Programmable
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\TypeLib
HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\VersionIndependentProgID

Adware.Tracking Cookie
.apmebf.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
track.prd1.netshelter.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.cbs.112.2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R18EI3KO.DEFAULT-1343151942524\COOKIES.SQLITE ]
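
The script below is an added example; it is not part of this thread and not code from ComboFix, DDS, GMER, Malwarebytes or SUPERAntiSpyware. It runs the kind of check a responder does by eye over lines like the ones pasted above: the Firefox "FF - user.js" and "FF - prefs.js" entries and the "TCP: Interfaces" DNS entries that ComboFix and DDS report. The indicator lists (toolbar pref namespaces, the "babylon" search token) are assumptions built only from what this thread shows, not a maintained feed. Two points the scoring reflects: Firefox never creates user.js itself, so every entry there was planted by an installer and is re-applied on each startup, and security.csp.enable set to false switches off Content Security Policy enforcement for the whole browser, which no toolbar has a reason to need. A static NameServer that differs from the DHCP-assigned one is rated medium only, because public resolvers such as 8.8.8.8 are legitimate and the log cannot say who configured them.

```python
"""Triage a DDS/HijackThis-style log for browser-hijack and DNS-override indicators (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix and DDS logs pasted in this
# thread (DDS defangs URLs as hxxp://).
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extensions.BabylonToolbar_i.babExt -
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DhcpNameServer = 216.228.160.7 216.228.160.8
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DhcpNameServer = 192.168.0.1
"""

# Illustrative indicator lists (assumption: built only from what this thread
# shows; a real triage script would carry a maintained list).
PUP_PREF_PREFIXES = ("extensions.BabylonToolbar", "extentions.y2layers")  # sic: the adware misspells its own namespace
PUP_SEARCH_TOKENS = ("babylon",)
SEARCH_PREFS = {"keyword.URL", "browser.search.selectedEngine",
                "browser.search.defaultenginename", "browser.startup.homepage"}
# Prefs that weaken the browser when set: pref -> (is_bad(value), severity, reason)
WEAKENING_PREFS = {
    "security.csp.enable": (lambda v: v == "false", "high",
                            "Content Security Policy enforcement disabled browser-wide"),
    "extensions.autoDisableScopes": (lambda v: v != "15", "medium",
                                     "non-default (Firefox default is 15): add-ons found in the cleared scopes are not auto-disabled"),
}

FF_LINE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - ?(.*)$")
TCP_LINE = re.compile(r"^TCP: (Interfaces\\\S+) : (NameServer|DhcpNameServer) = (.*)$")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    line: str
    reason: str


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, plus one per interface whose
    static DNS servers differ from the DHCP-assigned ones."""
    findings = []
    dns = {}  # interface registry key -> {"NameServer": [...], "DhcpNameServer": [...]}
    for raw in log_text.splitlines():
        line = raw.strip()
        ff = FF_LINE.match(line)
        if ff:
            src, pref, value = ff.groups()
            if pref.startswith(PUP_PREF_PREFIXES):
                findings.append(Finding("high", line, f"{src}.js pref namespace belongs to a bundled toolbar"))
            elif pref in WEAKENING_PREFS:
                is_bad, severity, reason = WEAKENING_PREFS[pref]
                if is_bad(value):
                    findings.append(Finding(severity, line, reason))
            elif pref in SEARCH_PREFS and any(t in value.lower() for t in PUP_SEARCH_TOKENS):
                findings.append(Finding("high", line, "search/homepage pref points at a bundled-toolbar provider"))
            elif src == "user":
                # Firefox never writes user.js itself; anything here was planted
                # by an installer and is re-applied on every startup.
                findings.append(Finding("low", line, "unexplained user.js override"))
            continue
        tcp = TCP_LINE.match(line)
        if tcp:
            key, kind, value = tcp.groups()
            dns.setdefault(key, {})[kind] = re.split(r"[,\s]+", value.strip())
    for key, servers in dns.items():
        static, dhcp = servers.get("NameServer"), servers.get("DhcpNameServer")
        if static and dhcp and static != dhcp:
            # Public resolvers such as 8.8.8.8 are legitimate, but a DNS changer
            # leaves exactly this trace: confirm who set the static entry.
            findings.append(Finding("medium", key,
                                    f"static DNS {','.join(static)} overrides DHCP-assigned {','.join(dhcp)}"))
    return findings


def count_by_severity(findings) -> dict:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

On the sample above the script reports six high findings (the two Babylon search prefs, the three toolbar-namespace user.js entries and the disabled CSP) and three medium ones (the autoDisableScopes change and the two interfaces whose static DNS differs from DHCP). One caveat that belongs with any reading of the GMER log further up: SSDT hooks are not evidence of a rootkit by themselves, because security products hook the same service table for self-protection, and GMER's listing here does not say which driver owns the hooked addresses, so they have to be attributed before they are treated as findings.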
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

First of all, you've been to this forum before, so you should know that running Combofix on your own is not a good idea.

Secondly you didn't post all required logs.
Two DDS logs are missing.
 
I went out on a limb assuming you would like for me to post a combofix log. As already stated, I've frequented this forum in the past. Regarding your suggestion that because I've been here before I 'should have known': I've never been advised, nor have I read, that using Combofix was a risky exercise. My apologies for doing this; now that I know this program is a risky program, I'll leave the software infection repairs to the pros. Thank you for your assistance! The following are the missing requested logs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2011 6:36:07 AM
System Uptime: 9/23/2012 7:10:58 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0FT292
Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 32.343 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&13FD3FCA&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&13FD3FCA&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP459: 9/13/2012 11:58:17 AM - Before uninstalling Apple Application Support
RP460: 9/13/2012 11:58:36 AM - Removed Apple Application Support
RP462: 9/13/2012 12:04:40 PM - Before uninstalling Apple Mobile Device Support
RP463: 9/13/2012 12:04:49 PM - Removed Apple Mobile Device Support
RP464: 9/13/2012 12:05:52 PM - Removed Apple Mobile Device Support
RP465: 9/13/2012 12:07:03 PM - Removed Apple Software Update
RP466: 9/13/2012 12:07:52 PM - Removed Bonjour
RP467: 9/13/2012 12:08:46 PM - Removed iCloud
RP468: 9/13/2012 12:10:19 PM - Removed iTunes
RP469: 9/13/2012 12:17:59 PM - Installed iTunes
RP470: 9/13/2012 12:23:49 PM - Removed iTunes
RP471: 9/13/2012 12:25:41 PM - Removed QuickTime
RP472: 9/13/2012 12:27:01 PM - Removed Apple Software Update
RP473: 9/13/2012 12:27:36 PM - Removed Apple Mobile Device Support
RP474: 9/13/2012 12:28:16 PM - Removed Bonjour
RP475: 9/13/2012 12:29:05 PM - Removed Apple Application Support
RP476: 9/13/2012 12:38:59 PM - Installed iTunes
RP477: 9/13/2012 1:01:30 PM - Removed iTunes
RP478: 9/15/2012 3:10:06 PM - Installed Photobucket Desktop
RP480: 9/21/2012 3:41:43 PM - SlimDrivers Installing Drivers
RP481: 9/22/2012 4:19:19 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
Avira Free Antivirus
BabylonObjectInstaller
Basic Mathematics (Fall 2011 Student)
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
Broadcom TPM Driver Installer
Canon MP Navigator EX 4.1
Canon MX360 series MP Drivers
Canon MX360 series User Registration
Canon Solution Menu EX
Canon Speed Dial Utility
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
CPUID HWMonitor 1.20
DealRunner 1.27
Defraggler
Digital Line Detect
Dropbox
EVEREST Home Edition v2.20
FileHippo.com Update Checker
Google Apps
Google Chrome
Google Drive
Google Update Helper
Google Updater
Hawkes Learning Systems Font Installer
Hawkes Update Service Manager
HiJackThis
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Introductory Algebra (Fall 2011 Student)
IObit Toolbar v6.1
Java 7 Update 7
Java Auto Updater
Jing
Kits Configuration Installer
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2010 - English
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoCast
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 16.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyITLab ActiveX Installer 2, 9, 8, 65535
Office 2010 Trial Extender
OZ776 SCR Driver V1.1.4.202
Photobucket Desktop
Picasa 3
QuickSet
Recuva
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SigmaTel Audio
SlimDrivers
Smart Defrag 2
Spotify
SumatraPDF
SUPERAntiSpyware
swMSM
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Vista Profile Pack
Windows Driver Kit
Windows Driver Package - Intel (NETwLv32) net (08/15/2010 13.3.0.137)
Windows Driver Package - Intel (NETwNs32) net (07/14/2010 13.3.0.24)
Windows iLivid Toolbar
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
WinPatrol
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
9/23/2012 7:11:36 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
9/23/2012 7:11:23 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
9/23/2012 7:11:23 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
9/23/2012 7:11:23 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
9/23/2012 7:11:20 AM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
9/22/2012 4:08:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/22/2012 4:02:25 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Owner at 7:16:59 on 2012-09-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1020 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\svchost.exe -k PeerDist
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\vds.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DhcpNameServer = 216.228.160.7 216.228.160.8
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : DhcpNameServer = 172.16.44.186 172.16.44.185
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : DhcpNameServer = 216.228.160.7 216.228.160.8 216.228.160.5
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extensions.BabylonToolbar.id - 101843ec000000000000001641b573ad
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15598
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:10:13
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=120912_cpc_3712_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-8-9 102728]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-14 15672]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-30 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-30 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-30 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-30 83392]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2011-12-17 13824]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-8-19 6637056]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2011-10-1 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-8-8 374648]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-9-3 115008]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-6-11 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-6-8 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-11-5 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-30 15872]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-8-23 24416]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-19 13024]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-7 250288]
S4 atashost;WebEx Service Host for Support Center;"c:\windows\system32\atashost.exe" --> c:\windows\system32\atashost.exe [?]
S4 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
S4 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
S4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-8-30 8192]
S4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-7-17 116632]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-18 114656]
S4 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-15 65657]
.
=============== Created Last 30 ================
.
2012-09-22 23:32:38 -------- d-----w- c:\users\owner\virus
2012-09-22 23:30:17 100864 ----a-w- C:\kgloapow.sys
2012-09-22 23:13:34 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-22 23:11:43 -------- d-----w- c:\users\owner\appdata\local\temp
2012-09-22 23:01:07 98816 ----a-w- c:\windows\sed.exe
2012-09-22 23:01:07 518144 ----a-w- c:\windows\SWREG.exe
2012-09-22 23:01:07 256000 ----a-w- c:\windows\PEV.exe
2012-09-22 23:01:07 208896 ----a-w- c:\windows\MBR.exe
2012-09-15 22:11:05 -------- d-----w- c:\users\owner\appdata\roaming\Photobucket
2012-09-15 22:10:35 -------- d-----w- c:\program files\Photobucket Desktop
2012-09-13 19:39:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 19:38:33 -------- d-----w- c:\program files\Bonjour
2012-09-13 18:57:32 -------- d-----w- c:\users\owner\appdata\roaming\URSoft
2012-09-13 18:57:26 -------- d-----w- c:\program files\Your Uninstaller! 7
2012-09-13 15:19:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-11 21:42:20 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 21:42:20 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 21:42:20 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:42:19 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 21:42:19 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 21:42:19 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-10 21:35:59 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
2012-09-10 21:35:54 -------- d-----w- c:\program files\Auslogics
2012-09-05 04:26:48 -------- d-----w- c:\users\owner\appdata\roaming\AOL
2012-09-05 04:26:35 -------- d-----w- c:\programdata\Viewpoint
2012-09-05 04:26:34 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-09-05 04:26:34 -------- d-----w- c:\program files\Viewpoint
2012-09-05 04:25:47 -------- d-----w- c:\users\owner\appdata\local\AOL
2012-09-05 04:25:31 -------- d-----w- c:\program files\common files\AOL
2012-09-05 00:51:27 -------- d-----w- C:\532f10a32217cd26ab28240f
2012-09-05 00:50:43 -------- d-----w- c:\program files\common files\Microsoft
2012-09-05 00:50:08 -------- d-----w- c:\program files\Windows Kits
2012-09-05 00:42:25 -------- d-----w- c:\programdata\Package Cache
2012-09-04 16:36:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 23:47:18 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
2012-09-03 00:38:16 -------- d-----w- c:\program files\SumatraPDF
2012-09-03 00:31:42 -------- d-----w- c:\users\owner\appdata\local\Secunia PSI
2012-09-03 00:28:04 -------- d-----w- c:\program files\Secunia
2012-09-02 18:14:46 -------- d-----w- c:\program files\GUM2146.tmp
2012-08-31 18:08:59 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-08-31 18:08:59 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-08-31 18:08:59 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-08-31 15:37:09 -------- d-----w- c:\users\owner\appdata\roaming\PC Utility Kit
2012-08-31 15:36:55 -------- d-----w- c:\program files\common files\PC Utility Kit
2012-08-31 15:36:54 -------- d-----w- c:\programdata\PC Utility Kit
2012-08-31 15:36:54 -------- d-----w- c:\program files\PC Utility Kit
2012-08-31 15:28:34 -------- d-----w- c:\program files\CPUID
2012-08-30 23:12:35 -------- d-----w- C:\Quarantine
2012-08-30 21:44:08 -------- d-----w- C:\Modules
2012-08-30 21:06:50 -------- d-----w- c:\users\owner\appdata\roaming\Avira
2012-08-30 20:55:39 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-30 20:55:39 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-30 20:55:38 -------- d-----w- c:\programdata\Avira
2012-08-30 20:55:38 -------- d-----w- c:\program files\Avira
2012-08-30 20:10:53 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-08-30 18:00:08 1688 ----a-w- c:\users\owner\08-30-2012.reg
2012-08-30 17:54:45 -------- d-----w- c:\users\owner\appdata\roaming\FreeFixer
2012-08-30 17:54:45 -------- d-----w- c:\users\owner\appdata\local\FreeFixer
2012-08-30 17:54:40 -------- d-----w- c:\program files\FreeFixer
2012-08-30 17:47:40 -------- d-----w- c:\program files\Uniblue
2012-08-30 17:45:27 -------- d-----w- c:\program files\AVG Secure Search
2012-08-30 17:36:45 -------- d-----w- c:\program files\Perfect Uninstaller
2012-08-30 16:00:09 5602 ----a-w- c:\users\owner\ESETexe-fix.bat
2012-08-30 13:23:37 -------- d-----w- c:\users\owner\appdata\roaming\BACS.exe
2012-08-30 01:59:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 01:10:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-29 20:44:35 -------- d-----w- c:\users\owner\appdata\local\WeatherBlink
2012-08-28 22:50:06 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-08-28 16:22:49 -------- d-----w- c:\users\owner\appdata\local\Spotify
2012-08-28 16:22:34 -------- d-----w- c:\users\owner\appdata\roaming\Spotify
2012-08-27 22:08:08 -------- d-----w- c:\program files\Belarc
2012-08-27 18:06:34 -------- d-----w- c:\users\owner\appdata\local\PassMark
2012-08-27 18:06:17 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-27 18:06:17 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-27 18:06:15 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-27 18:05:53 -------- d-----w- c:\programdata\PassMark
2012-08-27 18:05:41 -------- d-----w- c:\program files\PerformanceTest
2012-08-26 20:33:32 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2012-08-26 20:30:23 -------- d-----w- c:\program files\My Company Name
2012-08-26 20:15:03 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-26 20:15:03 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-26 20:15:03 225280 ------w- c:\program files\common files\installshield\iscript\IScript.dll
2012-08-26 20:15:03 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-26 20:15:02 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-08-26 20:14:58 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-08-26 18:43:21 -------- d-----w- c:\program files\Wise
2012-08-26 18:01:55 -------- d-----w- c:\users\owner\appdata\roaming\iolo
2012-08-26 18:01:47 -------- d-----w- c:\program files\iolo
2012-08-24 21:18:44 -------- d-----w- c:\program files\Max Uninstaller
.
==================== Find3M ====================
.
2012-09-21 22:41:07 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-18 21:55:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 21:55:43 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 16:36:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-04 16:36:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-23 22:56:08 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 16:52:50 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-07-18 21:24:02 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-27 23:01:44 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-06-27 04:36:58 42208 ----a-w- c:\windows\system32\drivers\point32.sys
2012-06-27 04:36:58 22112 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_HM080HI rev.AB100-12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C53000]<< >>UNKNOWN [0x891C0000]<< >>UNKNOWN [0x891AF000]<< >>UNKNOWN [0x88AB6000]<< >>UNKNOWN [0x82C1C000]<< >>UNKNOWN [0x88D1D000]<< >>UNKNOWN [0x88BC3000]<< >>UNKNOWN [0x88BCA000]<< >>UNKNOWN [0x88D14000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C8A55A] -> \Device\Harddisk0\DR0[0x85C52880]
\Driver\Disk[0x85C51CB8] -> IRP_MJ_CREATE -> 0x891C439F
3 [0x891C459E] -> ntkrnlpa!IofCallDriver[0x82C8A55A] -> [0x85773918]
\Driver\ACPI[0x84E45468] -> IRP_MJ_CREATE -> 0x88ABF4CC
5 [0x88ABF3D4] -> ntkrnlpa!IofCallDriver[0x82C8A55A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85785030]
\Driver\atapi[0x85784A78] -> IRP_MJ_CREATE -> 0x88D378CC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 7:18:15.94 ===============
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
12:12:46.0792 3868 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:12:47.0242 3868 ============================================================
12:12:47.0242 3868 Current date / time: 2012/09/23 12:12:47.0242
12:12:47.0242 3868 SystemInfo:
12:12:47.0242 3868
12:12:47.0242 3868 OS Version: 6.1.7601 ServicePack: 1.0
12:12:47.0242 3868 Product type: Workstation
12:12:47.0242 3868 ComputerName: OWNER-PC
12:12:47.0242 3868 UserName: Owner
12:12:47.0242 3868 Windows directory: C:\Windows
12:12:47.0242 3868 System windows directory: C:\Windows
12:12:47.0242 3868 Processor architecture: Intel x86
12:12:47.0242 3868 Number of processors: 2
12:12:47.0242 3868 Page size: 0x1000
12:12:47.0242 3868 Boot type: Normal boot
12:12:47.0242 3868 ============================================================
12:12:48.0082 3868 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:12:48.0082 3868 ============================================================
12:12:48.0082 3868 \Device\Harddisk0\DR0:
12:12:48.0082 3868 MBR partitions:
12:12:48.0082 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:12:48.0082 3868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
12:12:48.0082 3868 ============================================================
12:12:48.0182 3868 C: <-> \Device\Harddisk0\DR0\Partition2
12:12:48.0182 3868 ============================================================
12:12:48.0182 3868 Initialize success
12:12:48.0182 3868 ============================================================
12:12:53.0002 3152 ============================================================
12:12:53.0002 3152 Scan started
12:12:53.0002 3152 Mode: Manual;
12:12:53.0002 3152 ============================================================
12:12:53.0332 3152 ================ Scan system memory ========================
12:12:53.0332 3152 System memory - ok
12:12:53.0342 3152 ================ Scan services =============================
12:12:53.0562 3152 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:12:53.0572 3152 !SASCORE - ok
12:12:54.0452 3152 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:12:54.0472 3152 1394ohci - ok
12:12:54.0612 3152 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:12:54.0612 3152 ACPI - ok
12:12:54.0802 3152 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:12:54.0802 3152 AcpiPmi - ok
12:12:55.0072 3152 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:12:55.0072 3152 AdobeARMservice - ok
12:12:55.0312 3152 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:12:55.0312 3152 AdobeFlashPlayerUpdateSvc - ok
12:12:55.0632 3152 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:12:55.0642 3152 adp94xx - ok
12:12:55.0772 3152 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:12:55.0772 3152 adpahci - ok
12:12:55.0952 3152 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:12:55.0952 3152 adpu320 - ok
12:12:56.0122 3152 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:12:56.0122 3152 AeLookupSvc - ok
12:12:56.0262 3152 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:12:56.0272 3152 AFD - ok
12:12:56.0352 3152 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:12:56.0352 3152 agp440 - ok
12:12:56.0382 3152 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:12:56.0382 3152 aic78xx - ok
12:12:56.0412 3152 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:12:56.0412 3152 ALG - ok
12:12:56.0472 3152 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:12:56.0472 3152 aliide - ok
12:12:56.0492 3152 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:12:56.0492 3152 amdagp - ok
12:12:56.0502 3152 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:12:56.0502 3152 amdide - ok
12:12:56.0582 3152 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:12:56.0582 3152 AmdK8 - ok
12:12:56.0612 3152 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:12:56.0612 3152 AmdPPM - ok
12:12:56.0652 3152 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:12:56.0652 3152 amdsata - ok
12:12:56.0682 3152 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:12:56.0692 3152 amdsbs - ok
12:12:56.0702 3152 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:12:56.0702 3152 amdxata - ok
12:12:56.0842 3152 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:12:56.0852 3152 AntiVirSchedulerService - ok
12:12:56.0902 3152 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:12:56.0912 3152 AntiVirService - ok
12:12:57.0162 3152 ApfiltrService - ok
12:12:57.0202 3152 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:12:57.0202 3152 AppID - ok
12:12:57.0392 3152 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:12:57.0392 3152 AppIDSvc - ok
12:12:57.0632 3152 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
12:12:57.0632 3152 Appinfo - ok
12:12:57.0962 3152 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
12:12:57.0972 3152 AppMgmt - ok
12:12:58.0022 3152 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:12:58.0032 3152 arc - ok
12:12:58.0192 3152 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:12:58.0202 3152 arcsas - ok
12:12:58.0502 3152 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:12:58.0502 3152 aspnet_state - ok
12:12:58.0532 3152 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:12:58.0532 3152 AsyncMac - ok
12:12:58.0582 3152 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:12:58.0582 3152 atapi - ok
12:12:58.0592 3152 atashost - ok
12:12:58.0662 3152 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:12:58.0672 3152 AudioEndpointBuilder - ok
12:12:58.0752 3152 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:12:58.0762 3152 Audiosrv - ok
12:12:58.0832 3152 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:12:58.0832 3152 avgntflt - ok
12:12:58.0862 3152 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:12:58.0862 3152 avipbb - ok
12:12:58.0892 3152 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:12:58.0892 3152 avkmgr - ok
12:12:58.0922 3152 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:12:58.0932 3152 AxInstSV - ok
12:12:58.0982 3152 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:12:58.0992 3152 b06bdrv - ok
12:12:59.0042 3152 [ FD49555C8235ABE2C6F22AF62EDB694E ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:12:59.0052 3152 b57nd60x - ok
12:12:59.0102 3152 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\Windows\system32\DRIVERS\b57xp32.sys
12:12:59.0102 3152 b57w2k - ok
12:12:59.0142 3152 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:12:59.0142 3152 BDESVC - ok
12:12:59.0182 3152 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:12:59.0182 3152 Beep - ok
12:12:59.0232 3152 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
12:12:59.0242 3152 BFE - ok
12:12:59.0292 3152 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
12:12:59.0292 3152 BITS - ok
12:12:59.0312 3152 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:12:59.0322 3152 blbdrive - ok
12:12:59.0422 3152 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:12:59.0432 3152 Bonjour Service - ok
12:12:59.0472 3152 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:12:59.0472 3152 bowser - ok
12:12:59.0492 3152 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:12:59.0492 3152 BrFiltLo - ok
12:12:59.0522 3152 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:12:59.0522 3152 BrFiltUp - ok
12:12:59.0542 3152 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:12:59.0542 3152 BridgeMP - ok
12:12:59.0572 3152 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:12:59.0572 3152 Browser - ok
12:12:59.0622 3152 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:12:59.0622 3152 Brserid - ok
12:12:59.0652 3152 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:12:59.0652 3152 BrSerWdm - ok
12:12:59.0662 3152 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:12:59.0662 3152 BrUsbMdm - ok
12:12:59.0692 3152 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:12:59.0692 3152 BrUsbSer - ok
12:12:59.0712 3152 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
12:12:59.0712 3152 BTCFilterService - ok
12:12:59.0752 3152 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
12:12:59.0752 3152 BthEnum - ok
12:12:59.0782 3152 [ 43C96C1AC278BC22E7799C23405635A0 ] BTHFILT C:\Windows\system32\DRIVERS\BthFilt.sys
12:12:59.0782 3152 BTHFILT - ok
12:12:59.0812 3152 [ D8ABBCB42C550FD3A29DEC6DAABD0A87 ] BthFilterHelper C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
12:12:59.0812 3152 BthFilterHelper - ok
12:12:59.0842 3152 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:12:59.0842 3152 BTHMODEM - ok
12:12:59.0872 3152 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:12:59.0872 3152 BthPan - ok
12:12:59.0952 3152 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
12:12:59.0962 3152 BTHPORT - ok
12:13:00.0002 3152 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:13:00.0002 3152 bthserv - ok
12:13:00.0062 3152 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
12:13:00.0062 3152 BTHUSB - ok
12:13:00.0202 3152 catchme - ok
12:13:00.0222 3152 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:13:00.0222 3152 cdfs - ok
12:13:00.0262 3152 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:13:00.0262 3152 cdrom - ok
12:13:00.0292 3152 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:13:00.0292 3152 CertPropSvc - ok
12:13:00.0332 3152 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:13:00.0332 3152 circlass - ok
12:13:00.0382 3152 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:13:00.0382 3152 CLFS - ok
12:13:00.0472 3152 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:00.0472 3152 clr_optimization_v2.0.50727_32 - ok
12:13:00.0512 3152 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:00.0512 3152 clr_optimization_v4.0.30319_32 - ok
12:13:00.0552 3152 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:00.0552 3152 CmBatt - ok
Last part of TDSSKiller report:
12:13:16.0662 3152 Sftredir - ok
12:13:16.0682 3152 [ DABC26764F836651C232A4F9AA419CBB ] Sftvol C:\Windows\system32\DRIVERS\Sftvolwin7.sys
12:13:16.0682 3152 Sftvol - ok
12:13:16.0712 3152 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
12:13:16.0722 3152 sftvsa - ok
12:13:16.0792 3152 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:13:16.0802 3152 SharedAccess - ok
12:13:16.0912 3152 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:13:16.0912 3152 ShellHWDetection - ok
12:13:16.0942 3152 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:13:16.0942 3152 sisagp - ok
12:13:17.0002 3152 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:13:17.0002 3152 SiSRaid2 - ok
12:13:17.0022 3152 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:13:17.0022 3152 SiSRaid4 - ok
12:13:17.0082 3152 [ BF302072DC8374CF4E118FD88AA817A2 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
12:13:17.0082 3152 SmartDefragDriver - ok
12:13:17.0102 3152 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:13:17.0112 3152 Smb - ok
12:13:17.0192 3152 [ 8F5171C837E64FF0AC48F0A29DD9E180 ] SNMP C:\Windows\System32\snmp.exe
12:13:17.0202 3152 SNMP - ok
12:13:17.0272 3152 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:13:17.0272 3152 SNMPTRAP - ok
12:13:17.0322 3152 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:13:17.0322 3152 spldr - ok
12:13:17.0402 3152 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:13:17.0402 3152 Spooler - ok
12:13:17.0562 3152 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:13:17.0592 3152 sppsvc - ok
12:13:17.0652 3152 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:13:17.0652 3152 sppuinotify - ok
12:13:17.0702 3152 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:13:17.0702 3152 srv - ok
12:13:17.0732 3152 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:13:17.0742 3152 srv2 - ok
12:13:17.0782 3152 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:13:17.0792 3152 SrvHsfHDA - ok
12:13:17.0842 3152 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
12:13:17.0852 3152 SrvHsfV92 - ok
12:13:17.0962 3152 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
12:13:17.0972 3152 SrvHsfWinac - ok
12:13:18.0002 3152 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:13:18.0002 3152 srvnet - ok
12:13:18.0102 3152 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:13:18.0102 3152 SSDPSRV - ok
12:13:18.0152 3152 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:13:18.0152 3152 ssmdrv - ok
12:13:18.0172 3152 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:13:18.0172 3152 SstpSvc - ok
12:13:18.0202 3152 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
12:13:18.0212 3152 STacSV - ok
12:13:18.0262 3152 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:13:18.0262 3152 stexstor - ok
12:13:18.0362 3152 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
12:13:18.0362 3152 STHDA - ok
12:13:18.0472 3152 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:13:18.0482 3152 StiSvc - ok
12:13:18.0552 3152 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:13:18.0552 3152 storflt - ok
12:13:18.0632 3152 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:13:18.0642 3152 storvsc - ok
12:13:18.0692 3152 [ 2AA2D356CB735CD3CCA9F671BD75C9B5 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
12:13:18.0692 3152 SWDUMon - ok
12:13:18.0722 3152 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:13:18.0732 3152 swenum - ok
12:13:18.0792 3152 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:13:18.0802 3152 swprv - ok
12:13:18.0812 3152 Synth3dVsc - ok
12:13:19.0022 3152 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:13:19.0042 3152 SysMain - ok
12:13:19.0112 3152 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:13:19.0122 3152 TabletInputService - ok
12:13:19.0192 3152 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:13:19.0192 3152 TapiSrv - ok
12:13:19.0232 3152 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:13:19.0232 3152 TBS - ok
12:13:19.0352 3152 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:13:19.0362 3152 Tcpip - ok
12:13:19.0402 3152 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:13:19.0412 3152 TCPIP6 - ok
12:13:19.0452 3152 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:13:19.0462 3152 tcpipreg - ok
12:13:19.0492 3152 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:13:19.0492 3152 TDPIPE - ok
12:13:19.0532 3152 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:13:19.0542 3152 TDTCP - ok
12:13:19.0592 3152 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:13:19.0592 3152 tdx - ok
12:13:19.0752 3152 [ 42BA22394C499648C03079742BFA593B ] Te.Service C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
12:13:19.0752 3152 Te.Service - ok
12:13:19.0792 3152 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:13:19.0792 3152 TermDD - ok
12:13:19.0882 3152 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:13:19.0892 3152 TermService - ok
12:13:19.0942 3152 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:13:19.0942 3152 Themes - ok
12:13:20.0032 3152 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:13:20.0032 3152 THREADORDER - ok
12:13:20.0102 3152 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:13:20.0112 3152 TrkWks - ok
12:13:20.0182 3152 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:13:20.0182 3152 TrustedInstaller - ok
12:13:20.0232 3152 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:20.0232 3152 tssecsrv - ok
12:13:20.0282 3152 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:13:20.0282 3152 TsUsbFlt - ok
12:13:20.0302 3152 tsusbhub - ok
12:13:20.0342 3152 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:13:20.0342 3152 tunnel - ok
12:13:20.0382 3152 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:13:20.0382 3152 uagp35 - ok
12:13:20.0452 3152 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:13:20.0452 3152 udfs - ok
12:13:20.0502 3152 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:13:20.0502 3152 UI0Detect - ok
12:13:20.0562 3152 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:13:20.0562 3152 uliagpkx - ok
12:13:20.0592 3152 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:13:20.0592 3152 umbus - ok
12:13:20.0632 3152 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:13:20.0632 3152 UmPass - ok
12:13:20.0672 3152 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
12:13:20.0682 3152 UmRdpService - ok
12:13:20.0712 3152 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:13:20.0712 3152 upnphost - ok
12:13:20.0762 3152 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:13:20.0762 3152 USBAAPL - ok
12:13:20.0792 3152 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:20.0792 3152 usbccgp - ok
12:13:20.0832 3152 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:13:20.0832 3152 usbcir - ok
12:13:20.0872 3152 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:13:20.0872 3152 usbehci - ok
12:13:20.0912 3152 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:13:20.0912 3152 usbhub - ok
12:13:21.0012 3152 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:13:21.0012 3152 usbohci - ok
12:13:21.0062 3152 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:13:21.0062 3152 usbprint - ok
12:13:21.0112 3152 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:13:21.0112 3152 usbscan - ok
12:13:21.0142 3152 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:21.0142 3152 USBSTOR - ok
12:13:21.0172 3152 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:13:21.0172 3152 usbuhci - ok
12:13:21.0222 3152 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:13:21.0242 3152 UxSms - ok
12:13:21.0272 3152 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:13:21.0272 3152 VaultSvc - ok
12:13:21.0342 3152 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:13:21.0342 3152 vdrvroot - ok
12:13:21.0472 3152 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:13:21.0482 3152 vds - ok
12:13:21.0552 3152 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:21.0602 3152 vga - ok
12:13:21.0632 3152 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:13:21.0632 3152 VgaSave - ok
12:13:21.0642 3152 VGPU - ok
12:13:21.0682 3152 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:13:21.0682 3152 vhdmp - ok
12:13:21.0712 3152 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:13:21.0712 3152 viaagp - ok
12:13:21.0742 3152 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:13:21.0742 3152 ViaC7 - ok
12:13:21.0772 3152 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:13:21.0772 3152 viaide - ok
12:13:21.0852 3152 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:13:21.0852 3152 vmbus - ok
12:13:21.0902 3152 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:13:21.0902 3152 VMBusHID - ok
12:13:21.0932 3152 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:13:21.0932 3152 volmgr - ok
12:13:22.0042 3152 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:13:22.0052 3152 volmgrx - ok
12:13:22.0092 3152 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:13:22.0102 3152 volsnap - ok
12:13:22.0132 3152 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:13:22.0132 3152 vsmraid - ok
12:13:22.0222 3152 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:13:22.0242 3152 VSS - ok
12:13:22.0262 3152 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:13:22.0272 3152 vwifibus - ok
12:13:22.0332 3152 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:13:22.0332 3152 W32Time - ok
12:13:22.0382 3152 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:13:22.0382 3152 WacomPen - ok
12:13:22.0422 3152 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:13:22.0432 3152 WANARP - ok
12:13:22.0452 3152 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:13:22.0452 3152 Wanarpv6 - ok
12:13:22.0482 3152 wanatw - ok
12:13:22.0602 3152 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:13:22.0942 3152 WatAdminSvc - ok
12:13:23.0172 3152 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:13:23.0182 3152 wbengine - ok
12:13:23.0222 3152 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:13:23.0232 3152 WbioSrvc - ok
12:13:23.0272 3152 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:13:23.0282 3152 wcncsvc - ok
12:13:23.0312 3152 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:13:23.0322 3152 WcsPlugInService - ok
12:13:23.0362 3152 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:13:23.0362 3152 Wd - ok
12:13:23.0402 3152 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:13:23.0402 3152 Wdf01000 - ok
12:13:23.0442 3152 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:13:23.0442 3152 WdiServiceHost - ok
12:13:23.0452 3152 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:13:23.0452 3152 WdiSystemHost - ok
12:13:23.0502 3152 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:13:23.0512 3152 WebClient - ok
12:13:23.0532 3152 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:13:23.0542 3152 Wecsvc - ok
12:13:23.0592 3152 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:13:23.0592 3152 wercplsupport - ok
12:13:23.0622 3152 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:13:23.0632 3152 WerSvc - ok
12:13:23.0662 3152 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:13:23.0662 3152 WfpLwf - ok
12:13:23.0692 3152 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:13:23.0692 3152 WIMMount - ok
12:13:23.0762 3152 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:13:23.0772 3152 winachsf - ok
12:13:23.0842 3152 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:13:23.0862 3152 WinDefend - ok
12:13:23.0922 3152 WinHttpAutoProxySvc - ok
12:13:23.0992 3152 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:13:24.0002 3152 Winmgmt - ok
12:13:24.0082 3152 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:13:24.0092 3152 WinRM - ok
12:13:24.0152 3152 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:13:24.0162 3152 WinUsb - ok
12:13:24.0262 3152 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:13:24.0272 3152 Wlansvc - ok
12:13:24.0322 3152 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:13:24.0332 3152 WmiAcpi - ok
12:13:24.0382 3152 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:13:24.0392 3152 wmiApSrv - ok
12:13:24.0422 3152 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:13:24.0432 3152 WPCSvc - ok
12:13:24.0482 3152 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:13:24.0482 3152 WPDBusEnum - ok
12:13:24.0542 3152 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:13:24.0542 3152 ws2ifsl - ok
12:13:24.0582 3152 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
12:13:24.0582 3152 wscsvc - ok
12:13:24.0612 3152 WSearch - ok
12:13:24.0772 3152 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:13:24.0812 3152 wuauserv - ok
12:13:24.0842 3152 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:13:24.0842 3152 WudfPf - ok
12:13:24.0902 3152 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:13:24.0902 3152 WUDFRd - ok
12:13:24.0922 3152 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:13:24.0922 3152 wudfsvc - ok
12:13:24.0972 3152 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:13:24.0972 3152 WwanSvc - ok
12:13:25.0072 3152 ================ Scan global ===============================
12:13:25.0152 3152 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:13:25.0212 3152 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:13:25.0222 3152 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:13:25.0272 3152 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:13:25.0302 3152 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:13:25.0312 3152 [Global] - ok
12:13:25.0312 3152 ================ Scan MBR ==================================
12:13:25.0322 3152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:13:25.0612 3152 \Device\Harddisk0\DR0 - ok
12:13:25.0622 3152 ================ Scan VBR ==================================
12:13:25.0622 3152 [ 39028AE90B84F3ECFBA4ACEA182E1923 ] \Device\Harddisk0\DR0\Partition1
12:13:25.0622 3152 \Device\Harddisk0\DR0\Partition1 - ok
12:13:25.0642 3152 [ 39C21B939549A8E329C1D1F080C65E66 ] \Device\Harddisk0\DR0\Partition2
12:13:25.0642 3152 \Device\Harddisk0\DR0\Partition2 - ok
12:13:25.0642 3152 ============================================================
12:13:25.0642 3152 Scan finished
12:13:25.0642 3152 ============================================================
12:13:25.0682 4680 Detected object count: 0
12:13:25.0682 4680 Actual detected object count: 0
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com


Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 09/23/2012 14:21:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x82E3504D -> HOOKED (Unknown @ 0x8C6535DE)
SSDT[299] : NtRequestWaitReplyPort @ 0x82E4FA43 -> HOOKED (Unknown @ 0x8C6535E8)
SSDT[316] : NtSetContextThread @ 0x82EEF755 -> HOOKED (Unknown @ 0x8C6535E3)
SSDT[347] : NtSetSecurityObject @ 0x82E1371E -> HOOKED (Unknown @ 0x8C6535ED)
SSDT[368] : NtSystemDebugControl @ 0x82E976BC -> HOOKED (Unknown @ 0x8C6535F2)
SSDT[370] : NtTerminateProcess @ 0x82E6CBCD -> HOOKED (Unknown @ 0x8C65357F)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x8C653606)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8C65360B)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM080HI ATA Device +++++
--- User ---
[MBR] 0c73aefa2c61e73e8d63966c70cbbc91
[BSP] b885cf893c28e2877b56a18dfe1cd75d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


aswMBR to follow:
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-23 14:23:09
-----------------------------
14:23:09.904 OS Version: Windows 6.1.7601 Service Pack 1
14:23:09.904 Number of processors: 2 586 0xE08
14:23:09.904 ComputerName: OWNER-PC UserName: Owner
14:23:10.714 Initialize success
14:25:19.673 AVAST engine defs: 12092301
14:25:38.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:25:38.225 Disk 0 Vendor: SAMSUNG_HM080HI AB100-12 Size: 76319MB BusType: 3
14:25:38.245 Disk 0 MBR read successfully
14:25:38.255 Disk 0 MBR scan
14:25:38.265 Disk 0 Windows 7 default MBR code
14:25:38.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:25:38.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
14:25:38.295 Disk 0 scanning sectors +156299264
14:25:38.395 Disk 0 scanning C:\Windows\system32\drivers
14:25:50.645 Service scanning
14:26:17.605 Modules scanning
14:26:28.995 Disk 0 trace - called modules:
14:26:29.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:26:29.355 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c51118]
14:26:29.355 3 CLASSPNP.SYS[891cf59e] -> nt!IofCallDriver -> [0x85786898]
14:26:29.365 5 ACPI.sys[88aa93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ea5610]
14:26:29.940 AVAST engine scan C:\Windows
14:26:32.620 AVAST engine scan C:\Windows\system32
14:29:55.705 AVAST engine scan C:\Windows\system32\drivers
14:30:10.965 AVAST engine scan C:\Users\Owner
14:38:16.604 AVAST engine scan C:\ProgramData
14:41:38.542 Scan finished successfully
14:42:30.052 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:42:30.052 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-09-23.02 - Owner 09/23/2012 15:04:47.17.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1162 [GMT -7:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 22:13 . 2012-09-23 22:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-09-23 22:13 . 2012-09-23 22:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-23 22:13 . 2012-09-23 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 17:26 . 2012-09-23 17:26 -------- d-----w- c:\program files\SiSoftware
2012-09-23 15:13 . 2012-09-23 15:13 -------- d-----w- c:\program files\ESET
2012-09-22 23:32 . 2012-09-23 00:02 -------- d-----w- c:\users\Owner\virus
2012-09-22 23:30 . 2012-09-22 23:30 100864 ----a-w- C:\kgloapow.sys
2012-09-18 14:41 . 2012-09-18 14:41 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-09-15 22:11 . 2012-09-15 22:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Photobucket
2012-09-15 22:10 . 2012-09-15 22:11 -------- d-----w- c:\program files\Photobucket Desktop
2012-09-13 19:39 . 2012-09-13 20:04 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Apple Software Update
2012-09-13 19:38 . 2012-09-13 19:38 -------- d-----w- c:\program files\Bonjour
2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\users\Owner\AppData\Roaming\URSoft
2012-09-13 18:57 . 2012-09-13 18:57 -------- d-----w- c:\program files\Your Uninstaller! 7
2012-09-13 15:19 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-11 21:42 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:42 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 21:42 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 21:42 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 21:42 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 21:42 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2012-09-10 21:35 . 2012-09-10 21:35 -------- d-----w- c:\program files\Auslogics
2012-09-05 04:26 . 2012-09-06 15:53 -------- d-----w- c:\users\Owner\AppData\Roaming\AOL
2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\programdata\Viewpoint
2012-09-05 04:26 . 2012-09-05 04:26 -------- d-----w- c:\program files\Viewpoint
2012-09-05 04:26 . 2012-09-05 02:19 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-09-05 04:25 . 2012-09-05 04:25 -------- d-----w- c:\programdata\AOL OCP
2012-09-05 04:25 . 2012-09-06 15:56 -------- d-----w- c:\users\Owner\AppData\Local\AOL
2012-09-05 04:25 . 2012-09-06 15:57 -------- d-----w- c:\program files\Common Files\AOL
2012-09-05 04:25 . 2012-09-06 15:55 -------- d-----w- c:\programdata\AOL
2012-09-05 02:17 . 2012-09-05 02:17 -------- d-----w- c:\programdata\AOL Downloads
2012-09-05 00:51 . 2012-09-05 00:54 -------- d-----w- C:\532f10a32217cd26ab28240f
2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Common Files\Microsoft
2012-09-05 00:50 . 2012-09-05 00:50 -------- d-----w- c:\program files\Windows Kits
2012-09-05 00:42 . 2012-09-05 00:49 -------- d-----w- c:\programdata\Package Cache
2012-09-04 16:36 . 2012-09-04 16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 23:47 . 2012-09-03 23:47 115008 ----a-w- c:\windows\system32\drivers\efavdrv.sys
2012-09-03 00:38 . 2012-09-03 00:38 -------- d-----w- c:\program files\SumatraPDF
2012-09-03 00:31 . 2012-09-03 00:31 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
2012-09-03 00:28 . 2012-09-03 00:28 -------- d-----w- c:\program files\Secunia
2012-09-02 18:14 . 2012-09-02 18:15 -------- d-----w- c:\program files\GUM2146.tmp
2012-08-31 18:08 . 2012-09-22 22:51 260576 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-31 18:08 . 2012-09-22 22:51 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-08-31 18:08 . 2012-09-22 22:51 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-08-31 15:37 . 2012-08-31 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-08-31 15:36 . 2012-09-01 18:51 -------- d-----w- c:\programdata\PC Utility Kit
2012-08-31 15:36 . 2012-08-31 15:36 -------- d-----w- c:\program files\PC Utility Kit
2012-08-31 15:28 . 2012-08-31 15:28 -------- d-----w- c:\program files\CPUID
2012-08-30 23:12 . 2012-08-30 23:12 -------- d-----w- C:\Quarantine
2012-08-30 21:44 . 2012-08-30 21:47 -------- d-----w- C:\Modules
2012-08-30 21:06 . 2012-08-30 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Avira
2012-08-30 20:55 . 2012-07-19 01:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-30 20:55 . 2012-07-19 01:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-30 20:55 . 2012-07-19 01:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\programdata\Avira
2012-08-30 20:55 . 2012-08-30 20:55 -------- d-----w- c:\program files\Avira
2012-08-30 20:10 . 2012-08-30 20:10 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-30 18:00 . 2012-08-30 18:00 1688 ----a-w- c:\users\Owner\08-30-2012.reg
2012-08-30 17:54 . 2012-08-30 17:55 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFixer
2012-08-30 17:54 . 2012-08-30 17:54 -------- d-----w- c:\users\Owner\AppData\Local\FreeFixer
2012-08-30 17:54 . 2012-08-31 00:51 -------- d-----w- c:\program files\FreeFixer
2012-08-30 17:47 . 2012-08-30 17:47 -------- d-----w- c:\program files\Uniblue
2012-08-30 17:45 . 2012-08-30 22:55 -------- d-----w- c:\program files\AVG Secure Search
2012-08-30 17:36 . 2012-08-30 17:40 -------- d-----w- c:\program files\Perfect Uninstaller
2012-08-30 16:00 . 2012-08-30 16:00 5602 ----a-w- c:\users\Owner\ESETexe-fix.bat
2012-08-30 13:23 . 2012-08-30 13:42 -------- d-----w- c:\users\Owner\AppData\Roaming\BACS.exe
2012-08-30 01:59 . 2012-09-23 14:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 01:10 . 2012-08-30 22:53 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-29 20:44 . 2012-08-29 20:44 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBlink
2012-08-28 22:51 . 2012-08-30 13:42 -------- d-----w- c:\programdata\FLEXnet
2012-08-28 22:50 . 2012-08-28 22:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
2012-08-28 16:22 . 2012-09-02 23:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
2012-08-27 22:08 . 2012-08-27 22:08 -------- d-----w- c:\program files\Belarc
2012-08-27 18:06 . 2012-08-27 18:06 -------- d-----w- c:\users\Owner\AppData\Local\PassMark
2012-08-27 18:06 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-27 18:06 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-27 18:06 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-27 18:05 . 2012-08-27 18:05 -------- d-----w- c:\programdata\PassMark
2012-08-27 18:05 . 2012-08-27 18:25 -------- d-----w- c:\program files\PerformanceTest
2012-08-26 21:51 . 2012-08-26 21:51 -------- d-----w- c:\program files\Recuva
2012-08-26 20:33 . 2012-08-26 20:33 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2012-08-26 20:30 . 2012-08-26 20:30 -------- d-----w- c:\program files\My Company Name
2012-08-26 20:15 . 2001-09-05 11:18 77824 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-08-26 20:15 . 2001-09-05 11:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\IScript.dll
2012-08-26 20:15 . 2001-09-05 11:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-08-26 20:15 . 2001-09-05 11:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-08-26 20:15 . 2000-01-04 13:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-08-26 20:14 . 2001-09-06 01:24 610436 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2012-08-26 18:43 . 2012-08-26 18:43 -------- d-----w- c:\program files\Wise
2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\users\Owner\AppData\Roaming\iolo
2012-08-26 18:01 . 2012-08-26 18:01 -------- d-----w- c:\program files\iolo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 22:41 . 2012-08-20 00:48 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-18 21:55 . 2012-03-08 00:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-18 21:55 . 2012-03-02 17:33 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-08 00:04 . 2011-06-17 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 16:36 . 2011-12-13 17:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-04 16:36 . 2011-03-12 14:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 22:56 . 2012-08-23 22:51 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-08-21 20:01 . 2012-07-18 00:06 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-07-18 21:24 . 2012-07-18 21:24 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-18 17:47 . 2012-08-15 13:42 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 15:17 . 2011-04-16 22:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-16 15:17 . 2011-03-12 15:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-16 15:17 . 2011-03-12 15:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-06 19:23 . 2012-08-15 18:11 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14 . 2012-08-15 13:40 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 13:40 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-27 23:01 . 2012-08-23 22:48 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-06-27 04:36 . 2012-06-27 04:36 42208 ----a-w- c:\windows\system32\drivers\point32.sys
2012-06-27 04:36 . 2012-06-27 04:36 22112 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-09-22 22:51 . 2012-08-31 18:08 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 22:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-19 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 04:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-07-19 01:04 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-09-15 02:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealRunner]
2011-10-13 22:24 790624 ----a-w- c:\program files\DealRunner\DealRunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-09-06 22:51 15668432 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-10-02 16:34 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-10-02 16:34 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2012-06-27 04:36 1629280 ----a-w- c:\program files\Microsoft Device Center\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
2012-06-27 04:36 1109072 ----a-w- c:\program files\Microsoft Device Center\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotoCast]
2012-07-31 00:29 2009 ----a-w- c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-10-02 16:34 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 20:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-09-02 23:05 1193176 ----a-w- c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-07 23:30 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-12 14:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2012-07-13 01:30 384232 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [x]
R4 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
R4 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [x]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 21:55]
.
2012-09-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-12 14:24]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 216.228.160.7 216.228.160.8
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extentions.y2layers.installId - deb8e4ac-6d0e-41d7-baf5-bf341cb11960
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=101843ec000000000000001641b573ad&q=
FF - user.js: extensions.BabylonToolbar.id - 101843ec000000000000001641b573ad
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15598
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=120912_cpc_3712_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-92057520.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3092)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\windows\System32\snmp.exe
c:\windows\System32\vds.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-23 15:19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-23 22:19
ComboFix2.txt 2012-09-22 23:17
.
Pre-Run: 35,474,034,688 bytes free
Post-Run: 35,280,420,864 bytes free
.
- - End Of File - - 84698ED56E6F81D329EA6D5B0C3EA92B
 
Looks good.

How is the computer doing?

=======================

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by install") as it is installed without your consent through programs like AOL, AIM, CompuServe, etc.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
After completing the last instruction you gave, I again ran my SUPERAntiSpyware scan and it STILL is giving the same feedback regarding registry infection and spyware infection. I'm currently running a Spybot Search & Destroy scan to see if it will remove these obstinate characters. I will provide you further logs as soon as I get them. Thank you again for your fine assistance.
 
After running Spybot S&D, I again ran the SUPERAntiSpyware scan. The scan reported no registry infection and no spyware infection.
Just for chuckles, after this I ran a driver scan through a downloaded SlimDrivers program (website https://www.slimwareutilities.com/slimdrivers.php), which downloads drivers to a user's system for free; it is reporting that I have 11 drivers that require an update. After going to this website I went to the Dell driver update and it confirmed the first website's conclusion. This is of concern to me as I updated my system not more than a week ago using this same listed program, which at that time reported all drivers as being current. After doing this, I attempted to run the OTL scan which you requested and it stalled out at the area in which it scanned the Firefox settings. I waited 10 minutes for it to continue with no joy. I'm concerned that in one way or another my system has been compromised and would appreciate your feedback regarding the latest complications. I believe the original concern is now resolved but am wondering how this latest situation may be related.
 
Unless you're having some particular problem(s) drivers should be left alone.
Also keep in mind one of my rules:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Please continue with my reply #15.
 
After doing this, I attempted to run the OTL scan which you requested and it stalled out at the area in which it scanned the Firefox settings. I waited 10 minutes for it to continue with no joy.

That was done without completion
 
It didn't run in safe mode. Same reaction: the OTL program locks up (a message is given stating that OTL is unresponsive) once it gets to scanning for the Firefox browser.
 
1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
When attempting to run the TFC program, the system hung and I had to go to the Task Manager to restart. After the restart the TFC program ran successfully. I've now completed all directions with the exception of the ESET online scan, which I will do now. The requested text follows:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 19-09-2012
Ran by Owner (administrator) on 24-09-2012 at 10:27:51
Running from "C:\Users\Owner\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-11 14:42] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-23 14:23:09
-----------------------------
14:23:09.904 OS Version: Windows 6.1.7601 Service Pack 1
14:23:09.904 Number of processors: 2 586 0xE08
14:23:09.904 ComputerName: OWNER-PC UserName: Owner
14:23:10.714 Initialize success
14:25:19.673 AVAST engine defs: 12092301
14:25:38.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:25:38.225 Disk 0 Vendor: SAMSUNG_HM080HI AB100-12 Size: 76319MB BusType: 3
14:25:38.245 Disk 0 MBR read successfully
14:25:38.255 Disk 0 MBR scan
14:25:38.265 Disk 0 Windows 7 default MBR code
14:25:38.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:25:38.285 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
14:25:38.295 Disk 0 scanning sectors +156299264
14:25:38.395 Disk 0 scanning C:\Windows\system32\drivers
14:25:50.645 Service scanning
14:26:17.605 Modules scanning
14:26:28.995 Disk 0 trace - called modules:
14:26:29.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:26:29.355 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c51118]
14:26:29.355 3 CLASSPNP.SYS[891cf59e] -> nt!IofCallDriver -> [0x85786898]
14:26:29.365 5 ACPI.sys[88aa93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ea5610]
14:26:29.940 AVAST engine scan C:\Windows
14:26:32.620 AVAST engine scan C:\Windows\system32
14:29:55.705 AVAST engine scan C:\Windows\system32\drivers
14:30:10.965 AVAST engine scan C:\Users\Owner
14:38:16.604 AVAST engine scan C:\ProgramData
14:41:38.542 Scan finished successfully
14:42:30.052 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:42:30.052 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


# AdwCleaner v2.003 - Logfile created 09/24/2012 at 10:32:08
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Giant Savings
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\Productivity_3.1
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\CouponAlert_2p
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Productivity_3.1
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Productivity_3.1
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24819A30-F728-4AC1-A3A9-BC5C31B7CCC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF0A74D9-F714-48BA-9CD1-2387518B6AD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\Software\Productivity_3.1
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v16.0 (en-US)

Profile name : default-1343151942524 [Profil par défaut]
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\user.js ... Deleted !

Deleted : user_pref("CT2260173.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2260173.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT2260173.1000234.TWC_TMP_city", "BEND");
Deleted : user_pref("CT2260173.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT2260173.1000234.TWC_locId", "USOR0031");
Deleted : user_pref("CT2260173.1000234.TWC_location", "Bend, OR");
Deleted : user_pref("CT2260173.1000234.TWC_region", "US");
Deleted : user_pref("CT2260173.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT2260173.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT2260173.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"71°F\",\"temperat[...]
Deleted : user_pref("CT2260173.128958821111237507.APP_WIN_FEATURES", "savelocation=0,saveresizedsize=0,openpos[...]
Deleted : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2260173.FirstTime", "true");
Deleted : user_pref("CT2260173.FirstTimeFF3", "true");
Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]
Deleted : user_pref("CT2260173.UserID", "UN77938898788714354");
Deleted : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2260173.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2260173.enableAlerts", "always");
Deleted : user_pref("CT2260173.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2260173.fixUrls", true);
Deleted : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.isNewTabEnabled", true);
Deleted : user_pref("CT2260173.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.keyword", true);
Deleted : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT2260173.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\[...]
Deleted : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Deleted : user_pref("CT2260173.search.searchCount", "0");
Deleted : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344899384658");
Deleted : user_pref("CT2260173.serviceLayer_services_appTracking_lastUpdate", "1344899386009");
Deleted : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1344899384667");
Deleted : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344899385332");
Deleted : user_pref("CT2260173.serviceLayer_services_login_10.10.24.2_lastUpdate", "1344960469670");
Deleted : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344899385459");
Deleted : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1344899383669");
Deleted : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1344899383205");
Deleted : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344899385412");
Deleted : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1344960469260");
Deleted : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1344899384013");
Deleted : user_pref("CT2260173.settingsINI", true);
Deleted : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Deleted : user_pref("CT2260173.smartbar.Uninstall", "0");
Deleted : user_pref("CT2260173.smartbar.isHidden", true);
Deleted : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Deleted : user_pref("CT2260173.toolbarBornServerTime", "14-8-2012");
Deleted : user_pref("CT2260173.toolbarCurrentServerTime", "14-8-2012");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.freecause.com/search?fr=freecause&[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2260173");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110790&tt=120912_cpc_3712_8");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "21");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "1AEB7CE851ED30ADE05EB14851FBBCBA");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "101843ec000000000000001641b573ad");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15598");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1216:10:13");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1216:10:13");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110790&tt=120912_cpc_3712_8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&tt=01081[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1216:10:13");
Deleted : user_pref("extensions.inboxcomtoolbar@inbox.com.install-event-fired", true);
Deleted : user_pref("extensions.sahtb.alerts.menu", "[{\"text\":\"Click here for Ssi Surveys Coupons[...]
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.2806055.KeywordHistory", "survey%2520explosion%[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 17);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 17);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1345242738573");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "hxxp%3A//www.cocc.edu[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Google");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.comp.search.2806055.width", "287");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.runcmd.", "358497052");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.session", "AF63896AE6DF7160BD298A43E9441E43917D[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "80244927");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "bd14df63444b601d95470ef2f33fd18003a[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=KW_ss&[...]
Deleted : user_pref("tfp.abs.CT2260173", true);

-\\ Google Chrome v23.0.1271.1

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1153] : homepage = "hxxp://search.babylon.com/?affID=110790&tt=120912_cpc_3712_8&babsrc=HP_ss&mntrId=101843ec000000000000001641b573ad",

*************************

AdwCleaner[R1].txt - [23607 octets] - [24/09/2012 10:29:45]
AdwCleaner[R2].txt - [23668 octets] - [24/09/2012 10:30:51]
AdwCleaner[R3].txt - [23729 octets] - [24/09/2012 10:31:53]
AdwCleaner[S1].txt - [24049 octets] - [24/09/2012 10:32:08]

########## EOF - C:\AdwCleaner[S1].txt - [24110 octets] ##########
 
ESET ONLINE SCANNER : NO THREATS FOUND
I think, unless I've made an error, this completes your directions in helping me to clear my infected system. From where I'm sitting, everything seems to be back to normal. What do you think?
 